+ // UserInfo 401 => cache the negative result, but
+ // don't return an error (just pass the token through
+ // as a v1 token)
+ s.fakeProvider.UserInfoErrorStatus = 401
+ _, err = call(ctx, nil)
+ c.Check(err, check.IsNil)
+ ent, ok := oidcAuthorizer.cache.Get(accessToken)
+ c.Check(ok, check.Equals, true)
+ c.Check(ent, check.FitsTypeOf, time.Time{})
+
+ // UserInfo succeeds now, but we still have a cached
+ // negative result.
+ s.fakeProvider.UserInfoErrorStatus = 0
+ _, err = call(ctx, nil)
+ c.Check(err, check.IsNil)
+ ent, ok = oidcAuthorizer.cache.Get(accessToken)
+ c.Check(ok, check.Equals, true)
+ c.Check(ent, check.FitsTypeOf, time.Time{})
+
+ tokenCacheNegativeTTL = time.Millisecond
+ cleanup()
+ }
+
+ var exp1 time.Time