[#OPENAM-15805] idtokeninfo endpoint gives invalid signature error when ID Token is expired

curl --location --request POST 'http://localam.example.com:8080/openam/oauth2/idtokeninfo' \
--header 'Cookie: iPlanetDirectoryPro=nNOjfZL3H7OWKVuJT0puyraW-Xg.*AAJTSQACMDEAAlNLABx6emtGeFljZDkrOFkvZGk2cW1Ec1p0cWRzQ0k9AAR0eXBlAANDVFMAAlMxAAA.*' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=test' \
--data-urlencode 'client_secret=test' \
--data-urlencode 'id_token=eyJ0eXAiOiJKV1QiLCJraWQiOiJ3VTNpZklJYUxPVUFSZVJCL0ZHNmVNMVAxUU09IiwiYWxnIjoiUlMyNTYifQ.eyJhdF9oYXNoIjoiaXRvWkt4QWNGU2JOUWFpcWlFMEhSZyIsInN1YiI6ImRlbW8iLCJhdWRpdFRyYWNraW5nSWQiOiIyODc3NDJlMS1hZDA0LTQzNDktOWQ5Yi0wNzI4YTc2ZDE2OWUtNzIyNCIsImlzcyI6Imh0dHA6Ly9sb2NhbGFtLmV4YW1wbGUuY29tOjgwODAvb3BlbmFtL29hdXRoMiIsInRva2VuTmFtZSI6ImlkX3Rva2VuIiwiYXVkIjoidGVzdCIsImNfaGFzaCI6IkhwbG9QeGJieWhZQ1JOazZEOUczUmciLCJhY3IiOiIwIiwib3JnLmZvcmdlcm9jay5vcGVuaWRjb25uZWN0Lm9wcyI6IkFzb3ZFcVN2bkQwV0hQaE5VRkFCQWt1cHFuZyIsImF6cCI6InRlc3QiLCJhdXRoX3RpbWUiOjE1NzY3NjQ4ODIsInJlYWxtIjoiLyIsImV4cCI6MTU3Njc2ODUwMiwidG9rZW5UeXBlIjoiSldUVG9rZW4iLCJpYXQiOjE1NzY3NjQ5MDJ9.jvtlEwY1dYZhuTgUYk2b0iUTT965w-X-iWoWQBWFMqnCclk9m1LH_jRPkgYgQFOVhUQk9ADHqaSZFG52xsVF0Zf7u3KAk_gPbXqKvU3PFH6wU7dgCSpyM3q_kBRbBEC1XkBJAO3QqjrjRStAM9S6u3zLkIrR8ICZlUDP7TBBta-64EceTT6IA4J4RbF5d0sYAGmWnePM7ObjxQh8Sd18F4IqdkyNBMQKjCdE1KDcUPs2-UU3atuiUqkcILOFKbtoXZnIusZm-CM7QX0axrOuHtT43ElkVmYa1O2AHPwodld-1pIPwb3X84hm-WdzMQzfxVp_8SBl1KCZHZnIW7o5Qw'

Probably updating openam-oauth2/src/main/java/org/forgerock/openidconnect/restlet/IdTokenInfo.java#validateIdToken
to check idToken.isExpired() first before calling clientRegistration.verifyIdTokenSignedByUsWithConfiguredAlg(idToken)
would be the most simplest direct fix (just that we return expired check first) w/o much issue.

[OPENAM-15805] idtokeninfo endpoint gives invalid signature error when ID Token is expired Created: 20/Dec/19 Updated: 25/Jun/20 Resolved: 16/Feb/20
Status:	Closed
Project:	OpenAM
Component/s:	OpenID Connect
Affects Version/s:	6.5.1, 6.5.2, 6.5.2.1, 6.5.2.2
Fix Version/s:	5.5.2, 7.0.0, 6.5.3

[OPENAM-15805] idtokeninfo endpoint gives invalid signature error when ID Token is expired Created: 20/Dec/19 Updated: 25/Jun/20 Resolved: 16/Feb/20

Bug description

How to reproduce the issue

Current behaviour