ApiKey caching is not using the cache expiry mechanism

[eschult2001]

[feature request]

In apikeys (and same code in oauth and oauthv2)

microgateway-plugins/apikeys/index.js

Line 201 in 94751da

cache.store(apiKey, decodedToken);

A distinct expiration time is known but not passed to the cache. This could benefit

• less IPC transfer for objects that are expired
• simpler cache retrieval logic (memored already checks the TTL on retrieval)
• proactively evicting stale JWTs from cache making room for more active apiKeys

[srinandan]

When an apikey is presented to MG, it invokes /edgemicro-auth/verifyApikey. The response from verifyApiKey is a JWT. At the moment, the JWT expiry is set to 1 minute (but easily customizable). The current logic stores the api key in cache for as long as the JWT expiry is set to.

I'm happy to add a TTL for the cache itself, but remember there are two dials to operate - a JWT expiry and the cache TTL.

[srinandan]

Here is the PR: #93