Open eschult2001 opened 5 years ago
When an apikey is presented to MG, it invokes /edgemicro-auth/verifyApikey. The response from verifyApiKey is a JWT. At the moment, the JWT expiry is set to 1 minute (but easily customizable). The current logic stores the api key in cache for as long as the JWT expiry is set to.
I'm happy to add a TTL for the cache itself, but remember there are two dials to operate - a JWT expiry and the cache TTL.
Here is the PR: https://github.com/apigee/microgateway-plugins/pull/93
[feature request]
In apikeys (and same code in oauth and oauthv2) https://github.com/apigee/microgateway-plugins/blob/94751da5776c89a2132d76ce9580591be665dd7b/apikeys/index.js#L201
A distinct expiration time is known but not passed to the cache. This could benefit