add config flag for experimental introspection

cmd/defaults.yaml

@@ -314,6 +314,8 @@ OIDC:
       Path: /oauth/v2/device_authorization # ZITADEL_OIDC_CUSTOMENDPOINTS_DEVICEAUTH_PATH
   DefaultLoginURLV2: "/login?authRequest=" # ZITADEL_OIDC_DEFAULTLOGINURLV2
   DefaultLogoutURLV2: "/logout?post_logout_redirect=" # ZITADEL_OIDC_DEFAULTLOGOUTURLV2
+  Features:
+    ExperimentalIntrospection: true
 
 SAML:
   ProviderConfig:

internal/api/oidc/introspect.go

@@ -22,6 +22,11 @@ import (
 func (s *Server) Introspect(ctx context.Context, r *op.Request[op.IntrospectionRequest]) (resp *op.Response, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
+
+	if !s.features.ExperimentalIntrospection {
+		return s.LegacyServer.Introspect(ctx, r)
+	}
+
 	ctx, cancel := context.WithCancel(ctx)
 	defer cancel()
 

internal/api/oidc/op.go

@@ -45,6 +45,7 @@ type Config struct {
 	DeviceAuth                        *DeviceAuthorizationConfig
 	DefaultLoginURLV2                 string
 	DefaultLogoutURLV2                string
+	Features                          Features
 }
 
 type EndpointConfig struct {
@@ -63,6 +64,10 @@ type Endpoint struct {
 	URL  string
 }
 
+type Features struct {
+	ExperimentalIntrospection bool
+}
+
 type OPStorage struct {
 	repo                              repository.Repository
 	command                           *command.Commands
@@ -120,6 +125,7 @@ func NewServer(
 
 	server := &Server{
 		LegacyServer:        op.NewLegacyServer(provider, endpoints(config.CustomEndpoints)),
+		features:            config.Features,
 		repo:                repo,
 		query:               query,
 		command:             command,

internal/api/oidc/server.go

@@ -20,6 +20,7 @@ import (
 type Server struct {
 	http.Handler
 	*op.LegacyServer
+	features Features
 
 	repo    repository.Repository
 	query   *query.Queries