theganyo
commented
4 years ago Basically, it's going to look something like this:
- When an API Key check comes in, check a LRU cache.
- If token is cached, initiate background check if token is expired, return cached token.
- If token is not cached, check bad token cache, return invalid if present.
- If token is in neither cache, make a synchronous request to Apigee to refresh it. Update good and bad caches.
Current behavior is for API Keys to be internally be converted to JWT's that expire after 15 minutes at which point they must be renewed. Instead, API Keys should continue to operate despite JWT expiration when the adapter is disconnected from Apigee.