Allow for registered clients to set client-specific expiry #3557

@JoelGoh92

Preflight Checklist

  • I agree to follow the Code of Conduct that this project adheres to.
  • I have searched the issue tracker for an issue that matches the one I want to file, without success.

Problem Description

The expiry configuration currently contains a global setting for Dex token behaviour.

However, for a single organization using Dex, there can be apps that have different requirements towards such time windows, which can be non-negotiable, e.g. due to regulatory requirements. The limitation of a global setting means that client apps having such requirements are effectively blocked from using a single Dex provider as the IDP for their respective use case.

Proposed Solution

Allow for per-client opt-in expiry settings. If this setting is not set on the static client, it falls back to the original global configuration.

This allows customised client use cases to be supported, and a central Dex provider to be used.

Alternatives Considered

An alternative could be to spin up multiple Dex providers with different time window requirements within the organization, but it is costly to maintain, and difficult to reason about, when these should be utilising the same central provider.

Additional Information

No response
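
The fallback described under Proposed Solution, sketched as an added Go example that is not part of the original issue and not Dex's own code. The `Expiry`, `Resolved` and `Resolve` names and the two lifetime fields are hypothetical; an unparsable or non-positive lifetime is rejected instead of being applied.

```go
package main

import (
	"fmt"
	"time"
)

// Expiry holds lifetimes as duration strings; "" means "not set".
// Hypothetical shape, used for both the global block and a client override.
type Expiry struct{ IDTokens, RefreshAbsolute string }

// Resolved is the effective policy for one client after fallback.
type Resolved struct{ IDTokens, RefreshAbsolute time.Duration }

// pick prefers the client's value, falls back to the global one, and
// fails closed when the chosen value is missing, malformed or <= 0.
func pick(name, global, override string) (time.Duration, error) {
	v := global
	if override != "" {
		v = override
	}
	d, err := time.ParseDuration(v)
	if err != nil {
		return 0, fmt.Errorf("%s: %w", name, err)
	}
	if d <= 0 {
		return 0, fmt.Errorf("%s: non-positive lifetime %q", name, v)
	}
	return d, nil
}

// Resolve merges an optional per-client override (nil = client did not
// opt in) over the global settings, field by field.
func Resolve(global Expiry, override *Expiry) (Resolved, error) {
	o := Expiry{}
	if override != nil {
		o = *override
	}
	id, err := pick("idTokens", global.IDTokens, o.IDTokens)
	if err != nil {
		return Resolved{}, err
	}
	abs, err := pick("refreshAbsolute", global.RefreshAbsolute, o.RefreshAbsolute)
	return Resolved{IDTokens: id, RefreshAbsolute: abs}, err
}

func main() {
	global := Expiry{IDTokens: "24h", RefreshAbsolute: "720h"} // constructed values
	fmt.Println(Resolve(global, nil))                          // inherits both
	fmt.Println(Resolve(global, &Expiry{IDTokens: "15m"}))     // overrides one field
}
```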
