update docs + remove unneeded code

Author: zvonand

docs/en/operations/external-authenticators/tokens.md

@@ -24,6 +24,7 @@ To define an access token processor, add `access_token_processors` section to `c
         <gogoogle>
             <provider>Google</provider>
             <email_filter>^[A-Za-z0-9._%+-]+@example\.com$</email_filter>
+            <cache_lifetime>600</cache_lifetime>
         </gogoogle>
         <azuure>
             <provider>azure</provider>
@@ -41,10 +42,16 @@ Different providers have different sets of parameters.
 **Parameters**
 
 - `provider` -- name of identity provider. Mandatory, case-insensitive. Supported options: "Google", "Azure".
+- `cache_lifetime` --  maximum lifetime of cached token (in seconds). Optional, default: 3600.
 - `email_filter` -- Regex for validation of user emails. Optional parameter, only for Google IdP.
 - `client_id` -- Azure AD (Entra ID) client ID. Optional parameter, only for Azure IdP.
 - `tenant_id` -- Azure AD (Entra ID) tenant ID. Optional parameter, only for Azure IdP.
 
+### Tokens cache
+To reduce number of requests to IdP, tokens are cached internally for no longer then `cache_lifetime` seconds.
+If token expires sooner than `cache_lifetime`, then cache entry for this token will only be valid while token is valid.
+If token lifetime is longer than `cache_lifetime`, cache entry for this token will be valid for `cache_lifetime`. 
+
 ## IdP as External Authenticator {#idp-external-authenticator}
 
 Locally defined users can be authenticated with an access token. To allow this, `jwt` must be specified as user's authentication method. Example:

src/Access/AccessTokenProcessor.cpp

@@ -115,11 +115,9 @@ std::unique_ptr<IAccessTokenProcessor> IAccessTokenProcessor::parseTokenProcesso
                 throw Exception(ErrorCodes::INVALID_CONFIG_PARAMETER,
                                 "Could not parse access token processor {}: tenant_id must be specified", name);
 
-            String client_id_str = config.getString(prefix + ".client_id");
             String tenant_id_str = config.getString(prefix + ".tenant_id");
-            String client_secret_str  = config.hasProperty(prefix + ".client_secret") ? config.getString(prefix + ".client_secret") : "";
 
-            return std::make_unique<AzureAccessTokenProcessor>(name, cache_lifetime, email_regex_str, client_id_str, tenant_id_str, client_secret_str);
+            return std::make_unique<AzureAccessTokenProcessor>(name, cache_lifetime, email_regex_str, tenant_id_str);
         }
         else
             throw Exception(ErrorCodes::INVALID_CONFIG_PARAMETER,

src/Access/AccessTokenProcessor.h

@@ -84,23 +84,14 @@ class AzureAccessTokenProcessor : public IAccessTokenProcessor
     AzureAccessTokenProcessor(const String & name_,
                               const UInt64 cache_invalidation_interval_,
                               const String & email_regex_str,
-                              const String & client_id_,
-                              const String & tenant_id_,
-                              const String & client_secret_)
+                              const String & tenant_id_)
                               : IAccessTokenProcessor(name_, cache_invalidation_interval_, email_regex_str),
-                                client_id(client_id_),
-                                tenant_id(tenant_id_),
-                                client_secret(client_secret_),
-                                jwks_uri_str("https://login.microsoftonline.com/" + tenant_id + "/discovery/v2.0/keys") {}
+                                jwks_uri_str("https://login.microsoftonline.com/" + tenant_id_ + "/discovery/v2.0/keys") {}
 
     bool resolveAndValidate(const TokenCredentials & credentials) override;
 private:
     static const Poco::URI user_info_uri;
 
-    const String client_id;
-    const String tenant_id;
-    const String client_secret;
-
     const String jwks_uri_str;
 
     String validateTokenAndGetUsername(const String & token) const;