Replace OidcTokenValidator with OAuth2TokenValidator implementation #5930

Closed
@jgrandja

We should extract the logic in OidcTokenValidator.validateIdToken() into a new implementation of OAuth2TokenValidator named OidcIdTokenValidator.

The OidcIdTokenValidator instance would then be composed in the required JwtDecoder, for example, NimbusJwtDecoderJwkSupport and NimbusReactiveJwtDecoder.

The classes that would need to be changed are OidcAuthorizationCodeAuthenticationProvider and OidcAuthorizationCodeReactiveAuthenticationManager.

We should also consider exposing OidcIdTokenValidator.setIssuedAtSkew(Duration issuedAtSkew) that would allow for a configurable maxIssuedAt, which is currently hard-coded at 30 secs.
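
As an added illustration of the configurable skew proposed above (not part of the original issue and not Spring Security's own code): a minimal OAuth2TokenValidator<Jwt> that performs only the iat check. The class name IssuedAtSkewValidator, the setClock hook, and the error code and description are assumptions made for this sketch.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;

import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jwt.Jwt;

// Hypothetical sketch: covers only the "issued too far in the future" check.
public final class IssuedAtSkewValidator implements OAuth2TokenValidator<Jwt> {

    // Error code and description are assumptions chosen for this example.
    private static final OAuth2Error INVALID_IAT = new OAuth2Error(
            "invalid_id_token", "iat claim is missing or too far in the future", null);

    // Default matches the 30 seconds the issue says is currently hard-coded.
    private Duration issuedAtSkew = Duration.ofSeconds(30);
    private Clock clock = Clock.systemUTC();

    public void setIssuedAtSkew(Duration issuedAtSkew) {
        // A null or negative skew would silently reject every fresh token.
        if (issuedAtSkew == null || issuedAtSkew.isNegative()) {
            throw new IllegalArgumentException("issuedAtSkew must be >= 0");
        }
        this.issuedAtSkew = issuedAtSkew;
    }

    // Hypothetical hook so tests can pin "now" instead of sleeping.
    void setClock(Clock clock) {
        this.clock = clock;
    }

    @Override
    public OAuth2TokenValidatorResult validate(Jwt idToken) {
        Instant issuedAt = idToken.getIssuedAt();
        if (issuedAt == null) {
            // Fail closed when the claim is absent.
            return OAuth2TokenValidatorResult.failure(INVALID_IAT);
        }
        Instant maxIssuedAt = Instant.now(this.clock).plus(this.issuedAtSkew);
        if (issuedAt.isAfter(maxIssuedAt)) {
            return OAuth2TokenValidatorResult.failure(INVALID_IAT);
        }
        return OAuth2TokenValidatorResult.success();
    }
}
```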

Labels

in: oauth2 (An issue in OAuth2 modules: oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
type: enhancement (A general enhancement)