Open
Description
When generating a JWT for Envoy Adapter's API Key verification, the remote-proxy uses a hard-coded duration - which is then read and used by Envoy Adapter for setting the expiry of the API Key validation in the cache. However, the API Key may actually be set to expire sooner than that on Apigee. The exp value on the JWT should take the API Key Expiry into account and use the minimum of the duration to its Expiry and the standard cache duration.
Note: By default, API Key verification is only cached for 15 minutes, so the risk of this being a production issue is likely very minimal.