Misleading IsLoggedIn implementation in OpenIDConnectService #35

@AKissMail

Description

In the OpenIDConnectService class, the IsLoggedIn property is implemented as:

public bool IsLoggedIn { get => !string.IsNullOrEmpty(AccessToken); }

However, this implementation is misleading:

  1. The name and XML summary imply reliable login state detection, but the logic only checks whether the AccessToken is non-empty.
  2. There is no validation of the token's validity, expiry, or whether it has been revoked.
  3. This could lead to incorrect assumptions elsewhere in the application, where IsLoggedIn == true is interpreted as "user is currently authenticated".

Suggestion: Either rename the property to something more neutral (e.g. HasAccessToken) or implement token validation there.
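
Added example, not part of the original issue and not the project's code: a sketch of both suggested options side by side, a neutrally named presence check and a local expiry check driven by the `expires_in` value of the token response. The class `TokenState`, its members, the 30-second skew and the sample token are assumptions made for illustration.

```csharp
using System;

// Hypothetical sketch: class and member names are assumptions, not the project's API.
public sealed class TokenState
{
    private static readonly TimeSpan ClockSkew = TimeSpan.FromSeconds(30); // assumed margin
    private readonly Func<DateTimeOffset> _now;

    public TokenState(Func<DateTimeOffset> now) => _now = now;

    public string AccessToken { get; private set; } = string.Empty;
    public DateTimeOffset? ExpiresAt { get; private set; }

    // Record the token together with the lifetime reported by the token endpoint.
    // expires_in is optional in OAuth 2.0, so the lifetime may be unknown (null).
    public void SetToken(string accessToken, int? expiresInSeconds)
    {
        AccessToken = accessToken ?? string.Empty;
        ExpiresAt = expiresInSeconds is int s ? _now().AddSeconds(s) : (DateTimeOffset?)null;
    }

    // The name states exactly what is checked: a token string is held, nothing more.
    public bool HasAccessToken => !string.IsNullOrEmpty(AccessToken);

    // Local check only: a token is held and its recorded lifetime has not run out.
    // An unknown lifetime is treated as "not proven valid". Revocation cannot be
    // detected here; only the authorization server (for example via token
    // introspection, RFC 7662) or a rejected API call can reveal it.
    public bool HasUnexpiredAccessToken =>
        HasAccessToken && ExpiresAt is DateTimeOffset exp && _now() < exp - ClockSkew;
}

public static class Demo
{
    public static void Main()
    {
        var clock = DateTimeOffset.Parse("2024-01-01T00:00:00Z"); // constructed time
        var state = new TokenState(() => clock);

        state.SetToken("constructed-sample-token", 300);          // constructed token
        Console.WriteLine($"fresh:   has={state.HasAccessToken} unexpired={state.HasUnexpiredAccessToken}");

        clock = clock.AddSeconds(600);                             // lifetime has passed
        Console.WriteLine($"later:   has={state.HasAccessToken} unexpired={state.HasUnexpiredAccessToken}");

        state.SetToken("constructed-sample-token", null);          // no expires_in returned
        Console.WriteLine($"unknown: has={state.HasAccessToken} unexpired={state.HasUnexpiredAccessToken}");
    }
}
```

After the lifetime has passed, the two properties disagree, which is the case where a caller treating the presence check as "user is currently authenticated" would be wrong.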

Labels: bug (Something isn't working)
