I'm not sure if this is a bug or not, because maybe I'm missing something here with Custom Auth. But, we set up a custom auth for a resource. The custom Auth in the resource calls an API endpoint, which provides us with the Token to pass to an API call for the Resource (Bearer Authorization). It works fine. We run the Resource, it calls the custom auth, passes the token to the resource, and we can query the endpoint associated with the resource.
However, the problem is that we noticed that the Custom Auth workflow runs on every single call to the resource even after we authorize it. This doesn't seem right. The idea is that you create a Resource with a Custom Auth, and once you get the token in this case from the custom auth, why would the Custom Auth run again? BTW, the token we get from the Custom Auth expires in 24 hours, so there is no reason to be requesting this again as it has not expired.
The problem, of course, is that we face API limits on the token request used in the Custom Auth, so our apps break, because the authorization request is denied because it's being requested one every single request to resource.
What am I missing here? Or this is a bug?