Re: Periodic authorization expiration checks using GoAway message - Mailing list pgsql-hackers

From Jelte Fennema-Nio
Subject Re: Periodic authorization expiration checks using GoAway message
Date
Msg-id CAGECzQS7Eab2vFBgE8DAq1RnTVoYb0a5X7iMyaNvApAHA7Qm2A@mail.gmail.com
In response to Periodic authorization expiration checks using GoAway message  (Ajit Awekar <ajitpostgres@gmail.com>)
Responses Re: Periodic authorization expiration checks using GoAway message
List pgsql-hackers
On Fri, Nov 28, 2025, 04:39 Ajit Awekar <ajitpostgres@gmail.com> wrote:
> This patch depends on the "GoAway" protocol message proposal currently under review here: https://www.postgresql.org/message-id/DDPQ1RV5FE9U.I2WW34NGRD8Z%40jeltef.nl Please apply this patch on top of the GoAway patch.

A review of the GoAway patch from you would definitely be appreciated (even if there's no actionable feedback like: "this looks good and I managed to use it for my own patch successfully").

> The Solution: To handle this authorization gap gracefully, this patch leverages the pending GoAway protocol message to notify clients.

I didn't look at the patch (I'm on my phone). But my first thought is that only relying on the proposed version of GoAway is insufficient for anything related to security. The GoAway message is both best effort, and only supported with newer protocol versions. So while I think it's a good use case for GoAway, I think there *also* needs to be a hard timeout at which point the connection gets forcefully terminated if it's using old credentials.

Regarding the configurable interval that you describe for checking auth changes, I think it might be better to register a SysCache update receiver instead (or just poll the SysCache value 

Finally, can you register this patch on the commitfest? https://commitfest.postgresql.org/
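
The two-stage policy suggested in the reply above (an advisory GoAway plus a hard cutoff that does not depend on the client), sketched as an added example; it is not code from the message, the patch, or PostgreSQL. Every name and constant in it is hypothetical, including the protocol version assumed to support GoAway and the length of the grace period.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical names and values throughout; none are PostgreSQL identifiers. */
#define GOAWAY_MIN_PROTO  0x00030003u /* assumed first version that knows GoAway */
#define HARD_TIMEOUT_SECS 300         /* assumed grace period after expiry */

typedef enum { ACT_NONE, ACT_SEND_GOAWAY, ACT_TERMINATE } Action;

typedef struct {
    uint32_t proto_version; /* negotiated protocol version */
    int64_t  cred_expiry;   /* epoch seconds at which the credentials expire */
    bool     goaway_sent;   /* advisory notice already sent on this session */
} Session;

/* Decide what one periodic check does for one session at time `now`. */
Action check_session(Session *s, int64_t now)
{
    if (now < s->cred_expiry)
        return ACT_NONE;              /* credentials still valid */

    /* Hard limit is evaluated first and applies to every client,
     * whether or not it understood or acted on GoAway. */
    if (now - s->cred_expiry >= HARD_TIMEOUT_SECS)
        return ACT_TERMINATE;

    /* Best effort: ask a capable client, once, to reconnect. */
    if (s->proto_version >= GOAWAY_MIN_PROTO && !s->goaway_sent) {
        s->goaway_sent = true;
        return ACT_SEND_GOAWAY;
    }
    return ACT_NONE;                  /* inside the grace period */
}
```

A client on an older protocol version never receives the notice here, but it is still disconnected once the grace period ends, which is the property the reply asks for.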
