Why does the OIDC plugin not use cached tokens with the client credentials grant, and instead connects to the IdP on every request?
Token caching doesn’t work if both client_credentials
and password
are set as auth methods in the config.auth_methods
parameter, and credentials are sent using the Authorization: Basic
header.
In this scenario, either authentication method could match, but the plugin prioritises the password grant.
To resolve this caching issue, make sure you only have the client_credentials
method enabled.