I gave a fast look at Microsoft.IdentityModel.JsonWebTokens repository and I noticed that the methods signature like ValidateTokenAsync method don't require the CancellationToken parameter.
However, even though Microsoft didn't add this parameter, isn't still a good practice to complete the asynchronous methods signature of the JwtBearerService class with the CancellationToken?
EDIT: as a breaking change, it would be a better practice to add a CancellationToken parameter even in IApiKeyValidator.ValidateAsync and IBasicAuthenticationValidator.ValidateAsync. This is because we can (for example) implement them in a service that executes query to a database
I gave a fast look at Microsoft.IdentityModel.JsonWebTokens repository and I noticed that the methods signature like ValidateTokenAsync method don't require the CancellationToken parameter.
However, even though Microsoft didn't add this parameter, isn't still a good practice to complete the asynchronous methods signature of the JwtBearerService class with the CancellationToken?
EDIT: as a breaking change, it would be a better practice to add a CancellationToken parameter even in IApiKeyValidator.ValidateAsync and IBasicAuthenticationValidator.ValidateAsync. This is because we can (for example) implement them in a service that executes query to a database