We are crossing into the territory covered by the conversation in this post.
The lookup is directly against redis, so it will always return data if it is in the DB. The function will not check expires, you would need to do that yourself or as per the suggestion in the other post, you let Tyk do it for you when you set an internal auth header.
You could do this, or you could let the auth middleware do it for you as mentioned above…