I’ve managed to set Tyk up with an external JWT token generator – yay!
The next question is, we would like to stop honoring a given JWT after 15 minutes of inactivity (but a user could keep using the same token indefinitely so long as they’re actively using it). Is there any way in Tyk to track a token’s usage and disable it after a period of inactivity?
On a side note, I plan to extract certain claims from the token and populate them into request parameters (for instance, to provide the username and related data encoded in the token to the back-end services without them all needing the token-decoding logic). I saw a post saying you could do this in a custom Tyk plugin, which I plan to explore. It sounds like a nice feature for a future release, though – if I could just specify the origin claim name (including the standard “sub” as well as custom claims) and destination request parameter name, for a list of claims, and Tyk had logic to move the claims to request parameters, that would be awesome.
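
The sliding inactivity rule asked about above, as an added example that is not part of the original post and not Tyk's own code or API: `IdleTracker` and `Allow` are hypothetical names, and the token is assumed to have already passed the gateway's signature and expiry checks.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"sync"
	"time"
)

// IdleTracker enforces a sliding inactivity window per token.
// Hypothetical helper for illustration; not a Tyk API.
type IdleTracker struct {
	mu       sync.Mutex
	maxIdle  time.Duration
	lastSeen map[[32]byte]time.Time // keyed by SHA-256 so raw tokens are not stored
}

func NewIdleTracker(maxIdle time.Duration) *IdleTracker {
	return &IdleTracker{maxIdle: maxIdle, lastSeen: make(map[[32]byte]time.Time)}
}

// Allow reports whether an already-verified token may be honored at time now.
// A first sighting starts the window; each accepted request slides it forward.
// Once the window lapses the token stays rejected, even if presented again.
func (t *IdleTracker) Allow(token string, now time.Time) bool {
	key := sha256.Sum256([]byte(token))
	t.mu.Lock()
	defer t.mu.Unlock()
	last, seen := t.lastSeen[key]
	if seen && now.Sub(last) > t.maxIdle {
		return false // do not refresh lastSeen: the idle token stays dead
	}
	t.lastSeen[key] = now
	return true
}

func main() {
	tr := NewIdleTracker(15 * time.Minute)
	t0 := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC) // constructed timestamps
	tok := "header.payload.signature"                  // constructed placeholder token
	fmt.Println(tr.Allow(tok, t0))                     // first use
	fmt.Println(tr.Allow(tok, t0.Add(10*time.Minute))) // active: window slides
	fmt.Println(tr.Allow(tok, t0.Add(24*time.Minute))) // 14 min idle: still allowed
	fmt.Println(tr.Allow(tok, t0.Add(40*time.Minute))) // 16 min idle: rejected
	fmt.Println(tr.Allow(tok, t0.Add(41*time.Minute))) // stays rejected
}
```

State here lives in memory on one process, so a restart or a second gateway node would treat an idle token as new; a shared store, with entries pruned at the token's `exp`, is needed to close that gap.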