Return the cached TokenInfo for token if present and unexpired.
Number of live (not yet swept) entries.
Cache a positive result for token. The entry expiry is the TTL, clamped down to the token's own exp (RFC 7662) when present, so a cached result never outlives the token it represents. Expired entries are swept on every call; when the cap would be exceeded by a new key, the soonest-expiring entry is evicted first.
Default maximum number of live cache entries.
A short-TTL cache of positive (active:true) introspection results, keyed by the raw token. Negative results are never cached.
The keyed lookup is not constant-time, but a hit requires the attacker to already present a token that introspected as active, so it is not a guessing oracle; opaque bearer tokens are assumed to be high-entropy secrets.
Every put sweeps entries whose expiresAt is in the past, and when a new key would push entries.length past maxEntries, the entry with the earliest expiresAt is evicted. This keeps memory bounded under sustained load with many distinct short-lived tokens.