Looks like we lost the formatting, there were a few headings here, now it's hard to read.
Is your feature request related to a problem? Please describe.
Right now a key bears no information at all and requires a call to Unkey before knowing about the caller's identity. If we could extract the caller's id from the key without doing a network request, we could run tasks in parallel to the key verification and lower the overall latency of the handler function.
Describe the solution
Encoding any kind of information into the plaintext key requires that we cryptographically sign everything to prevent anyone from forging encoded data in keys.
When creating new keys, the user may choose to add data that will be encoded and be part of the raw plaintext key. The downside is that keys may become much longer, as they include arbitrary data as well as a signature.
When verifying a key, we can provide functions in the SDK to extract said data without doing a network request. The user must still do a verification afterwards to ensure the key has not been disabled or exceeded limits, but they can start running some networked tasks (database lookup, etc.) in parallel to the verification.
Imported or older keys will not retroactively be changed; Unkey's customer is expected to ask their users to rotate their keys.
Describe alternatives you have considered (if any)
JWTs or any form of expiring token, but they're annoying to deal with from the end user's side as they need to refresh them constantly.
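The scheme proposed in the post above, as an added example that is not part of the original post and is not Unkey's code: a signed key that carries caller data, plus local extraction that rejects forged or unsigned keys. The key layout, the choice of Ed25519, and the names `createKey`, `extractData`, `handle`, `verifyRemotely` and `loadCaller` are assumptions made for illustration.

```javascript
// Added example. Hypothetical key format: <prefix>_<payload>.<secret>.<signature>
const { generateKeyPairSync, randomBytes, sign, verify } = require("node:crypto");

const b64u = (input) => Buffer.from(input).toString("base64url");

// Issuer side: embed caller data in the plaintext key and sign all of it (Ed25519).
function createKey(prefix, data, privateKey) {
  const payload = b64u(JSON.stringify(data));
  const secret = b64u(randomBytes(16)); // random part keeps the key unguessable
  const unsigned = `${prefix}_${payload}.${secret}`;
  return `${unsigned}.${b64u(sign(null, Buffer.from(unsigned), privateKey))}`;
}

// SDK side: return the embedded data only if the signature is valid, else null.
// No network request is made; disabled keys and limits still need the remote check.
function extractData(key, publicKey) {
  const lastDot = key.lastIndexOf(".");
  const sep = key.indexOf("_");
  if (lastDot < 0 || sep < 0 || sep > lastDot) return null; // e.g. older or imported key
  const unsigned = key.slice(0, lastDot);
  const signature = Buffer.from(key.slice(lastDot + 1), "base64url");
  if (signature.length !== 64) return null; // Ed25519 signatures are 64 bytes
  if (!verify(null, Buffer.from(unsigned), publicKey, signature)) return null;
  const payload = unsigned.slice(sep + 1).split(".")[0];
  try {
    return JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    return null;
  }
}

// Handler sketch: verifyRemotely and loadCaller are hypothetical async callbacks.
async function handle(key, publicKey, verifyRemotely, loadCaller) {
  const data = extractData(key, publicKey);
  if (data === null) return { ok: false };
  const [valid, caller] = await Promise.all([verifyRemotely(key), loadCaller(data.ownerId)]);
  return valid ? { ok: true, caller } : { ok: false };
}

{
  // Constructed sample run with a throwaway key pair.
  const { publicKey, privateKey } = generateKeyPairSync("ed25519");
  const key = createKey("sk", { ownerId: "user_123" }, privateKey);
  console.log(extractData(key, publicKey));
}
```

The result of `loadCaller` is only returned once the remote verification has also succeeded, so a disabled key with a valid signature still ends in a rejected request.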