oidc_refresh_access_token_before_expiry?

[brandonk10]

I'm working off current master, and I'm struggling with this function. The way I understand the logic, it's supposed to refresh the token if it's expired, and returns FALSE if there's an error trying to do that - you're either logged out or re-authenticated if that happens.

My problem seems to be here:
if (t_expires > apr_time_now()) return FALSE;

From what I can tell, this is simply trying to skip the refresh if the token hasn't expired(within TTL). In this case, shouldn't TRUE be returned? I might be doing something else wrong, but I get logged out immediately with this logic, and if I flip to TRUE, my logins start falling through to the application again.

This occurs when "logout_on_error" is included in OIDCRefreshAccessTokenBeforeExpiry.

[brandonk10]

This is fixed in #1111.