ExpiryWindow will allow the credentials to trigger refreshing prior to the credentials actually expiring. This is beneficial so race conditions with expiring credentials do not cause request to fail unexpectedly due to ExpiredTokenException exceptions.

So a ExpiryWindow of 10s would cause calls to IsExpired() to return true 10 seconds before the credentials are actually expired.

If ExpiryWindow is 0 or less it will be ignored.