Tokens time out at provider

[rostgaard]

Using Google, it seems that the tokens they supply only live for one 3600 seconds and must be renewed. This should be done automatically by the server to enable us to enforce a identity-supplier independent global timeout config key.

A quick remedy could be to cache identity provider objects and maintain a local token -> identity map that times out after the global time out duration value.

[PedersenThomas]

Do we see caching of google profile information as hack?

The only reason we need the token is to validate the users email, and get the information out about the user, so caching of that information seems to me like it will be sufficient, until we introduce another dependency on some other google product, which require ongoing communication.

[rostgaard]

The bug of this fixed so I'll remove that label, but keep the enhancement.