apigee / apigee-remote-service-cli

Apigee Remote Service CLI
Apache License 2.0

Add the 'application_id' claim to the '/verifyApiKey' response #251

Closed whitlockjc closed 1 year ago

whitlockjc commented 1 year ago

When third parties integrate with the Apigee Remote Service, it can be useful to know the application id of the application that an API key corresponds to. The reason for this is twofold:

  1. The current information in the response is not enough to guarantee the uniqueness of an application because the 'application_name' claim can be duplicated across applications over time. (For example, you can create an application 'foo', delete it and then create a new application 'foo' and it will have the same 'application_name' but not the same 'application_id'.)

  2. While the 'client_id' is unique, it is considered sensitive information and there are applications where using this might cause this information to leak.
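Added example, not part of the issue or the project's code: a Go sketch of why a consumer of these claims would key per-application state on 'application_id'. The flat JSON layout, the sample values and the names `Claims`, `SubjectKey` and `InheritsGrant` are assumptions for illustration; only the three claim names come from the issue.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Claims carries the three claim names from the issue. The flat JSON layout
// is an assumption for illustration, not the documented response format.
type Claims struct {
	ApplicationName string `json:"application_name"`
	ApplicationID   string `json:"application_id"`
	ClientID        string `json:"client_id"` // sensitive: not used as a key, not logged
}

// SubjectKey returns the identifier to key per-application state on. It fails
// closed when application_id is absent instead of falling back to another claim.
func SubjectKey(raw string) (string, error) {
	var c Claims
	if err := json.Unmarshal([]byte(raw), &c); err != nil {
		return "", err
	}
	if c.ApplicationID == "" {
		return "", fmt.Errorf("application_id claim missing")
	}
	return c.ApplicationID, nil
}

// Constructed claim sets: app "foo" is created, deleted, then re-created.
const (
	oldFoo = `{"application_name":"foo","application_id":"id-1111","client_id":"key-A"}`
	newFoo = `{"application_name":"foo","application_id":"id-2222","client_id":"key-B"}`
)

// InheritsGrant reports whether the re-created app is matched against a grant
// recorded for the deleted one, in a name-keyed and an id-keyed store.
func InheritsGrant() (byName, byID bool) {
	var o, n Claims
	json.Unmarshal([]byte(oldFoo), &o) // constructed input, always valid
	json.Unmarshal([]byte(newFoo), &n)
	nameStore := map[string]bool{o.ApplicationName: true}
	idStore := map[string]bool{o.ApplicationID: true}
	return nameStore[n.ApplicationName], idStore[n.ApplicationID]
}

func main() {
	byName, byID := InheritsGrant()
	fmt.Println("name-keyed:", byName, "id-keyed:", byID)
}
```

The name-keyed store matches the new 'foo' against state left by the deleted one, while the id-keyed store does not, and neither store needs the 'client_id'.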

theganyo commented 1 year ago

Will this work in Apigee Edge and OPDK?

whitlockjc commented 1 year ago

It should; the object model for the resource used should be the same. I do know it works for Apigee Edge and Apigee X for sure, but I can't verify on OPDK due to no access to an environment.