The "invalid_grant" error occurs again when loading the offline client session with an early creation time.

[lexcao]

Before reporting an issue

• I have searched existing issues
• I have reproduced the issue with the latest nightly release

Area

infinispan

Describe the bug

Background

The origin issue was #9959 and wax fixed by #17490.

Regarding to the loading client session, I also proposed a fix #8671 long time ago.

From that time I made those customization in our production, and everything works well.

Recently, We update our Keycloak version to 22.0.3 and replace the customization with that fix.

And the invaid_grant error occurs again.

I compared the code between my customization and keycloak implementation, and find that,
there is checkExpiration added in the importClientSession method

https://github.com/keycloak/keycloak/blob/main/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserSessionProvider.java#L1072-L1080

Issue

When refreshing token, there was error invalid_grant and error description is Session doesn't have required client
The offline client session fails to load properly, while the offline user session loads successfully.

Version

22.0.3

Expected behavior

Offline client session loads successfully.

Actual behavior

When refreshing token, there was error invalid_grant and error description is Session doesn't have required client

How to Reproduce?

The steps are same as the #9959

And, the timestamp for the offline client session in the database should be a time before the offline session idle time or offline max session time (if set)

Anything else?

I have identified the problem and will submit a PR later.