chore(oidc): remove feature flag for introspection triggers (#10132)

# Which Problems Are Solved Remove the feature flag that allowed triggers in introspection. This option was a fallback in case introspection would not function properly without triggers. The API documentation asked for anyone using this flag to raise an issue. No such issue was received, hence we concluded it is safe to remove it. # How the Problems Are Solved - Remove flags from the system and instance level feature APIs. - Remove trigger functions that are no longer used - Adjust tests that used the flag. # Additional Changes - none # Additional Context - Closes #10026 - Flag was introduced in #7356 --------- Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com>
2025-08-11 17:27:31 +00:00 · 2025-06-30 08:48:04 +03:00
parent 14b45b58eb
commit 4cd52f33eb
57 changed files with 247 additions and 659 deletions
--- a/internal/api/grpc/feature/v2/converter.go
+++ b/internal/api/grpc/feature/v2/converter.go
@@ -18,32 +18,30 @@ func systemFeaturesToCommand(req *feature_pb.SetSystemFeaturesRequest) (*command
 		return nil, err
 	}
 	return &command.SystemFeatures{
-		LoginDefaultOrg:                 req.LoginDefaultOrg,
-		TriggerIntrospectionProjections: req.OidcTriggerIntrospectionProjections,
-		UserSchema:                      req.UserSchema,
-		TokenExchange:                   req.OidcTokenExchange,
-		ImprovedPerformance:             improvedPerformanceListToDomain(req.ImprovedPerformance),
-		OIDCSingleV1SessionTermination:  req.OidcSingleV1SessionTermination,
-		DisableUserTokenEvent:           req.DisableUserTokenEvent,
-		EnableBackChannelLogout:         req.EnableBackChannelLogout,
-		LoginV2:                         loginV2,
-		PermissionCheckV2:               req.PermissionCheckV2,
+		LoginDefaultOrg:                req.LoginDefaultOrg,
+		UserSchema:                     req.UserSchema,
+		TokenExchange:                  req.OidcTokenExchange,
+		ImprovedPerformance:            improvedPerformanceListToDomain(req.ImprovedPerformance),
+		OIDCSingleV1SessionTermination: req.OidcSingleV1SessionTermination,
+		DisableUserTokenEvent:          req.DisableUserTokenEvent,
+		EnableBackChannelLogout:        req.EnableBackChannelLogout,
+		LoginV2:                        loginV2,
+		PermissionCheckV2:              req.PermissionCheckV2,
 	}, nil
 }

 func systemFeaturesToPb(f *query.SystemFeatures) *feature_pb.GetSystemFeaturesResponse {
 	return &feature_pb.GetSystemFeaturesResponse{
-		Details:                             object.DomainToDetailsPb(f.Details),
-		LoginDefaultOrg:                     featureSourceToFlagPb(&f.LoginDefaultOrg),
-		OidcTriggerIntrospectionProjections: featureSourceToFlagPb(&f.TriggerIntrospectionProjections),
-		UserSchema:                          featureSourceToFlagPb(&f.UserSchema),
-		OidcTokenExchange:                   featureSourceToFlagPb(&f.TokenExchange),
-		ImprovedPerformance:                 featureSourceToImprovedPerformanceFlagPb(&f.ImprovedPerformance),
-		OidcSingleV1SessionTermination:      featureSourceToFlagPb(&f.OIDCSingleV1SessionTermination),
-		DisableUserTokenEvent:               featureSourceToFlagPb(&f.DisableUserTokenEvent),
-		EnableBackChannelLogout:             featureSourceToFlagPb(&f.EnableBackChannelLogout),
-		LoginV2:                             loginV2ToLoginV2FlagPb(f.LoginV2),
-		PermissionCheckV2:                   featureSourceToFlagPb(&f.PermissionCheckV2),
+		Details:                        object.DomainToDetailsPb(f.Details),
+		LoginDefaultOrg:                featureSourceToFlagPb(&f.LoginDefaultOrg),
+		UserSchema:                     featureSourceToFlagPb(&f.UserSchema),
+		OidcTokenExchange:              featureSourceToFlagPb(&f.TokenExchange),
+		ImprovedPerformance:            featureSourceToImprovedPerformanceFlagPb(&f.ImprovedPerformance),
+		OidcSingleV1SessionTermination: featureSourceToFlagPb(&f.OIDCSingleV1SessionTermination),
+		DisableUserTokenEvent:          featureSourceToFlagPb(&f.DisableUserTokenEvent),
+		EnableBackChannelLogout:        featureSourceToFlagPb(&f.EnableBackChannelLogout),
+		LoginV2:                        loginV2ToLoginV2FlagPb(f.LoginV2),
+		PermissionCheckV2:              featureSourceToFlagPb(&f.PermissionCheckV2),
 	}
 }

@@ -53,36 +51,34 @@ func instanceFeaturesToCommand(req *feature_pb.SetInstanceFeaturesRequest) (*com
 		return nil, err
 	}
 	return &command.InstanceFeatures{
-		LoginDefaultOrg:                 req.LoginDefaultOrg,
-		TriggerIntrospectionProjections: req.OidcTriggerIntrospectionProjections,
-		UserSchema:                      req.UserSchema,
-		TokenExchange:                   req.OidcTokenExchange,
-		ImprovedPerformance:             improvedPerformanceListToDomain(req.ImprovedPerformance),
-		DebugOIDCParentError:            req.DebugOidcParentError,
-		OIDCSingleV1SessionTermination:  req.OidcSingleV1SessionTermination,
-		DisableUserTokenEvent:           req.DisableUserTokenEvent,
-		EnableBackChannelLogout:         req.EnableBackChannelLogout,
-		LoginV2:                         loginV2,
-		PermissionCheckV2:               req.PermissionCheckV2,
-		ConsoleUseV2UserApi:             req.ConsoleUseV2UserApi,
+		LoginDefaultOrg:                req.LoginDefaultOrg,
+		UserSchema:                     req.UserSchema,
+		TokenExchange:                  req.OidcTokenExchange,
+		ImprovedPerformance:            improvedPerformanceListToDomain(req.ImprovedPerformance),
+		DebugOIDCParentError:           req.DebugOidcParentError,
+		OIDCSingleV1SessionTermination: req.OidcSingleV1SessionTermination,
+		DisableUserTokenEvent:          req.DisableUserTokenEvent,
+		EnableBackChannelLogout:        req.EnableBackChannelLogout,
+		LoginV2:                        loginV2,
+		PermissionCheckV2:              req.PermissionCheckV2,
+		ConsoleUseV2UserApi:            req.ConsoleUseV2UserApi,
 	}, nil
 }

 func instanceFeaturesToPb(f *query.InstanceFeatures) *feature_pb.GetInstanceFeaturesResponse {
 	return &feature_pb.GetInstanceFeaturesResponse{
-		Details:                             object.DomainToDetailsPb(f.Details),
-		LoginDefaultOrg:                     featureSourceToFlagPb(&f.LoginDefaultOrg),
-		OidcTriggerIntrospectionProjections: featureSourceToFlagPb(&f.TriggerIntrospectionProjections),
-		UserSchema:                          featureSourceToFlagPb(&f.UserSchema),
-		OidcTokenExchange:                   featureSourceToFlagPb(&f.TokenExchange),
-		ImprovedPerformance:                 featureSourceToImprovedPerformanceFlagPb(&f.ImprovedPerformance),
-		DebugOidcParentError:                featureSourceToFlagPb(&f.DebugOIDCParentError),
-		OidcSingleV1SessionTermination:      featureSourceToFlagPb(&f.OIDCSingleV1SessionTermination),
-		DisableUserTokenEvent:               featureSourceToFlagPb(&f.DisableUserTokenEvent),
-		EnableBackChannelLogout:             featureSourceToFlagPb(&f.EnableBackChannelLogout),
-		LoginV2:                             loginV2ToLoginV2FlagPb(f.LoginV2),
-		PermissionCheckV2:                   featureSourceToFlagPb(&f.PermissionCheckV2),
-		ConsoleUseV2UserApi:                 featureSourceToFlagPb(&f.ConsoleUseV2UserApi),
+		Details:                        object.DomainToDetailsPb(f.Details),
+		LoginDefaultOrg:                featureSourceToFlagPb(&f.LoginDefaultOrg),
+		UserSchema:                     featureSourceToFlagPb(&f.UserSchema),
+		OidcTokenExchange:              featureSourceToFlagPb(&f.TokenExchange),
+		ImprovedPerformance:            featureSourceToImprovedPerformanceFlagPb(&f.ImprovedPerformance),
+		DebugOidcParentError:           featureSourceToFlagPb(&f.DebugOIDCParentError),
+		OidcSingleV1SessionTermination: featureSourceToFlagPb(&f.OIDCSingleV1SessionTermination),
+		DisableUserTokenEvent:          featureSourceToFlagPb(&f.DisableUserTokenEvent),
+		EnableBackChannelLogout:        featureSourceToFlagPb(&f.EnableBackChannelLogout),
+		LoginV2:                        loginV2ToLoginV2FlagPb(f.LoginV2),
+		PermissionCheckV2:              featureSourceToFlagPb(&f.PermissionCheckV2),
+		ConsoleUseV2UserApi:            featureSourceToFlagPb(&f.ConsoleUseV2UserApi),
 	}
 }

--- a/internal/api/grpc/feature/v2/converter_test.go
+++ b/internal/api/grpc/feature/v2/converter_test.go
@@ -19,24 +19,22 @@ import (

 func Test_systemFeaturesToCommand(t *testing.T) {
 	arg := &feature_pb.SetSystemFeaturesRequest{
-		LoginDefaultOrg:                     gu.Ptr(true),
-		OidcTriggerIntrospectionProjections: gu.Ptr(false),
-		UserSchema:                          gu.Ptr(true),
-		OidcTokenExchange:                   gu.Ptr(true),
-		ImprovedPerformance:                 nil,
-		OidcSingleV1SessionTermination:      gu.Ptr(true),
+		LoginDefaultOrg:                gu.Ptr(true),
+		UserSchema:                     gu.Ptr(true),
+		OidcTokenExchange:              gu.Ptr(true),
+		ImprovedPerformance:            nil,
+		OidcSingleV1SessionTermination: gu.Ptr(true),
 		LoginV2: &feature_pb.LoginV2{
 			Required: true,
 			BaseUri:  gu.Ptr("https://login.com"),
 		},
 	}
 	want := &command.SystemFeatures{
-		LoginDefaultOrg:                 gu.Ptr(true),
-		TriggerIntrospectionProjections: gu.Ptr(false),
-		UserSchema:                      gu.Ptr(true),
-		TokenExchange:                   gu.Ptr(true),
-		ImprovedPerformance:             nil,
-		OIDCSingleV1SessionTermination:  gu.Ptr(true),
+		LoginDefaultOrg:                gu.Ptr(true),
+		UserSchema:                     gu.Ptr(true),
+		TokenExchange:                  gu.Ptr(true),
+		ImprovedPerformance:            nil,
+		OIDCSingleV1SessionTermination: gu.Ptr(true),
 		LoginV2: &feature.LoginV2{
 			Required: true,
 			BaseURI:  &url.URL{Scheme: "https", Host: "login.com"},
@@ -58,10 +56,6 @@ func Test_systemFeaturesToPb(t *testing.T) {
 			Level: feature.LevelSystem,
 			Value: true,
 		},
-		TriggerIntrospectionProjections: query.FeatureSource[bool]{
-			Level: feature.LevelUnspecified,
-			Value: false,
-		},
 		UserSchema: query.FeatureSource[bool]{
 			Level: feature.LevelSystem,
 			Value: true,
@@ -104,10 +98,6 @@ func Test_systemFeaturesToPb(t *testing.T) {
 			Enabled: true,
 			Source:  feature_pb.Source_SOURCE_SYSTEM,
 		},
-		OidcTriggerIntrospectionProjections: &feature_pb.FeatureFlag{
-			Enabled: false,
-			Source:  feature_pb.Source_SOURCE_UNSPECIFIED,
-		},
 		UserSchema: &feature_pb.FeatureFlag{
 			Enabled: true,
 			Source:  feature_pb.Source_SOURCE_SYSTEM,
@@ -148,14 +138,13 @@ func Test_systemFeaturesToPb(t *testing.T) {

 func Test_instanceFeaturesToCommand(t *testing.T) {
 	arg := &feature_pb.SetInstanceFeaturesRequest{
-		LoginDefaultOrg:                     gu.Ptr(true),
-		OidcTriggerIntrospectionProjections: gu.Ptr(false),
-		UserSchema:                          gu.Ptr(true),
-		OidcTokenExchange:                   gu.Ptr(true),
-		ImprovedPerformance:                 nil,
-		DebugOidcParentError:                gu.Ptr(true),
-		OidcSingleV1SessionTermination:      gu.Ptr(true),
-		EnableBackChannelLogout:             gu.Ptr(true),
+		LoginDefaultOrg:                gu.Ptr(true),
+		UserSchema:                     gu.Ptr(true),
+		OidcTokenExchange:              gu.Ptr(true),
+		ImprovedPerformance:            nil,
+		DebugOidcParentError:           gu.Ptr(true),
+		OidcSingleV1SessionTermination: gu.Ptr(true),
+		EnableBackChannelLogout:        gu.Ptr(true),
 		LoginV2: &feature_pb.LoginV2{
 			Required: true,
 			BaseUri:  gu.Ptr("https://login.com"),
@@ -163,14 +152,13 @@ func Test_instanceFeaturesToCommand(t *testing.T) {
 		ConsoleUseV2UserApi: gu.Ptr(true),
 	}
 	want := &command.InstanceFeatures{
-		LoginDefaultOrg:                 gu.Ptr(true),
-		TriggerIntrospectionProjections: gu.Ptr(false),
-		UserSchema:                      gu.Ptr(true),
-		TokenExchange:                   gu.Ptr(true),
-		ImprovedPerformance:             nil,
-		DebugOIDCParentError:            gu.Ptr(true),
-		OIDCSingleV1SessionTermination:  gu.Ptr(true),
-		EnableBackChannelLogout:         gu.Ptr(true),
+		LoginDefaultOrg:                gu.Ptr(true),
+		UserSchema:                     gu.Ptr(true),
+		TokenExchange:                  gu.Ptr(true),
+		ImprovedPerformance:            nil,
+		DebugOIDCParentError:           gu.Ptr(true),
+		OIDCSingleV1SessionTermination: gu.Ptr(true),
+		EnableBackChannelLogout:        gu.Ptr(true),
 		LoginV2: &feature.LoginV2{
 			Required: true,
 			BaseURI:  &url.URL{Scheme: "https", Host: "login.com"},
@@ -193,10 +181,6 @@ func Test_instanceFeaturesToPb(t *testing.T) {
 			Level: feature.LevelSystem,
 			Value: true,
 		},
-		TriggerIntrospectionProjections: query.FeatureSource[bool]{
-			Level: feature.LevelUnspecified,
-			Value: false,
-		},
 		UserSchema: query.FeatureSource[bool]{
 			Level: feature.LevelInstance,
 			Value: true,
@@ -243,10 +227,6 @@ func Test_instanceFeaturesToPb(t *testing.T) {
 			Enabled: true,
 			Source:  feature_pb.Source_SOURCE_SYSTEM,
 		},
-		OidcTriggerIntrospectionProjections: &feature_pb.FeatureFlag{
-			Enabled: false,
-			Source:  feature_pb.Source_SOURCE_UNSPECIFIED,
-		},
 		UserSchema: &feature_pb.FeatureFlag{
 			Enabled: true,
 			Source:  feature_pb.Source_SOURCE_INSTANCE,
--- a/internal/api/grpc/feature/v2/integration_test/feature_test.go
+++ b/internal/api/grpc/feature/v2/integration_test/feature_test.go
@@ -58,7 +58,7 @@ func TestServer_SetSystemFeatures(t *testing.T) {
 			args: args{
 				ctx: IamCTX,
 				req: &feature.SetSystemFeaturesRequest{
-					OidcTriggerIntrospectionProjections: gu.Ptr(true),
+					LoginDefaultOrg: gu.Ptr(true),
 				},
 			},
 			wantErr: true,
@@ -76,7 +76,7 @@ func TestServer_SetSystemFeatures(t *testing.T) {
 			args: args{
 				ctx: SystemCTX,
 				req: &feature.SetSystemFeaturesRequest{
-					OidcTriggerIntrospectionProjections: gu.Ptr(true),
+					LoginDefaultOrg: gu.Ptr(true),
 				},
 			},
 			want: &feature.SetSystemFeaturesResponse{
@@ -170,8 +170,8 @@ func TestServer_GetSystemFeatures(t *testing.T) {
 			name: "some features",
 			prepare: func(t *testing.T) {
 				_, err := Client.SetSystemFeatures(SystemCTX, &feature.SetSystemFeaturesRequest{
-					LoginDefaultOrg:                     gu.Ptr(true),
-					OidcTriggerIntrospectionProjections: gu.Ptr(false),
+					LoginDefaultOrg: gu.Ptr(true),
+					UserSchema:      gu.Ptr(false),
 				})
 				require.NoError(t, err)
 			},
@@ -184,7 +184,7 @@ func TestServer_GetSystemFeatures(t *testing.T) {
 					Enabled: true,
 					Source:  feature.Source_SOURCE_SYSTEM,
 				},
-				OidcTriggerIntrospectionProjections: &feature.FeatureFlag{
+				UserSchema: &feature.FeatureFlag{
 					Enabled: false,
 					Source:  feature.Source_SOURCE_SYSTEM,
 				},
@@ -208,7 +208,6 @@ func TestServer_GetSystemFeatures(t *testing.T) {
 			}
 			require.NoError(t, err)
 			assertFeatureFlag(t, tt.want.LoginDefaultOrg, got.LoginDefaultOrg)
-			assertFeatureFlag(t, tt.want.OidcTriggerIntrospectionProjections, got.OidcTriggerIntrospectionProjections)
 			assertFeatureFlag(t, tt.want.UserSchema, got.UserSchema)
 		})
 	}
@@ -230,7 +229,7 @@ func TestServer_SetInstanceFeatures(t *testing.T) {
 			args: args{
 				ctx: OrgCTX,
 				req: &feature.SetInstanceFeaturesRequest{
-					OidcTriggerIntrospectionProjections: gu.Ptr(true),
+					LoginDefaultOrg: gu.Ptr(true),
 				},
 			},
 			wantErr: true,
@@ -248,7 +247,7 @@ func TestServer_SetInstanceFeatures(t *testing.T) {
 			args: args{
 				ctx: IamCTX,
 				req: &feature.SetInstanceFeaturesRequest{
-					OidcTriggerIntrospectionProjections: gu.Ptr(true),
+					LoginDefaultOrg: gu.Ptr(true),
 				},
 			},
 			want: &feature.SetInstanceFeaturesResponse{
@@ -360,10 +359,6 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 					Enabled: true,
 					Source:  feature.Source_SOURCE_SYSTEM,
 				},
-				OidcTriggerIntrospectionProjections: &feature.FeatureFlag{
-					Enabled: false,
-					Source:  feature.Source_SOURCE_UNSPECIFIED,
-				},
 				UserSchema: &feature.FeatureFlag{
 					Enabled: false,
 					Source:  feature.Source_SOURCE_UNSPECIFIED,
@@ -374,9 +369,8 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 			name: "some features, no inheritance",
 			prepare: func(t *testing.T) {
 				_, err := Client.SetInstanceFeatures(IamCTX, &feature.SetInstanceFeaturesRequest{
-					LoginDefaultOrg:                     gu.Ptr(true),
-					OidcTriggerIntrospectionProjections: gu.Ptr(false),
-					UserSchema:                          gu.Ptr(true),
+					LoginDefaultOrg: gu.Ptr(true),
+					UserSchema:      gu.Ptr(true),
 				})
 				require.NoError(t, err)
 			},
@@ -389,10 +383,6 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 					Enabled: true,
 					Source:  feature.Source_SOURCE_INSTANCE,
 				},
-				OidcTriggerIntrospectionProjections: &feature.FeatureFlag{
-					Enabled: false,
-					Source:  feature.Source_SOURCE_INSTANCE,
-				},
 				UserSchema: &feature.FeatureFlag{
 					Enabled: true,
 					Source:  feature.Source_SOURCE_INSTANCE,
@@ -418,10 +408,6 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 					Enabled: true,
 					Source:  feature.Source_SOURCE_INSTANCE,
 				},
-				OidcTriggerIntrospectionProjections: &feature.FeatureFlag{
-					Enabled: false,
-					Source:  feature.Source_SOURCE_UNSPECIFIED,
-				},
 				UserSchema: &feature.FeatureFlag{
 					Enabled: false,
 					Source:  feature.Source_SOURCE_UNSPECIFIED,
@@ -446,7 +432,6 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 			}
 			require.NoError(t, err)
 			assertFeatureFlag(t, tt.want.LoginDefaultOrg, got.LoginDefaultOrg)
-			assertFeatureFlag(t, tt.want.OidcTriggerIntrospectionProjections, got.OidcTriggerIntrospectionProjections)
 			assertFeatureFlag(t, tt.want.UserSchema, got.UserSchema)
 		})
 	}
--- a/internal/api/grpc/feature/v2beta/converter.go
+++ b/internal/api/grpc/feature/v2beta/converter.go
@@ -10,49 +10,45 @@ import (

 func systemFeaturesToCommand(req *feature_pb.SetSystemFeaturesRequest) *command.SystemFeatures {
 	return &command.SystemFeatures{
-		LoginDefaultOrg:                 req.LoginDefaultOrg,
-		TriggerIntrospectionProjections: req.OidcTriggerIntrospectionProjections,
-		UserSchema:                      req.UserSchema,
-		TokenExchange:                   req.OidcTokenExchange,
-		ImprovedPerformance:             improvedPerformanceListToDomain(req.ImprovedPerformance),
-		OIDCSingleV1SessionTermination:  req.OidcSingleV1SessionTermination,
+		LoginDefaultOrg:                req.LoginDefaultOrg,
+		UserSchema:                     req.UserSchema,
+		TokenExchange:                  req.OidcTokenExchange,
+		ImprovedPerformance:            improvedPerformanceListToDomain(req.ImprovedPerformance),
+		OIDCSingleV1SessionTermination: req.OidcSingleV1SessionTermination,
 	}
 }

 func systemFeaturesToPb(f *query.SystemFeatures) *feature_pb.GetSystemFeaturesResponse {
 	return &feature_pb.GetSystemFeaturesResponse{
-		Details:                             object.DomainToDetailsPb(f.Details),
-		LoginDefaultOrg:                     featureSourceToFlagPb(&f.LoginDefaultOrg),
-		OidcTriggerIntrospectionProjections: featureSourceToFlagPb(&f.TriggerIntrospectionProjections),
-		UserSchema:                          featureSourceToFlagPb(&f.UserSchema),
-		OidcTokenExchange:                   featureSourceToFlagPb(&f.TokenExchange),
-		ImprovedPerformance:                 featureSourceToImprovedPerformanceFlagPb(&f.ImprovedPerformance),
-		OidcSingleV1SessionTermination:      featureSourceToFlagPb(&f.OIDCSingleV1SessionTermination),
+		Details:                        object.DomainToDetailsPb(f.Details),
+		LoginDefaultOrg:                featureSourceToFlagPb(&f.LoginDefaultOrg),
+		UserSchema:                     featureSourceToFlagPb(&f.UserSchema),
+		OidcTokenExchange:              featureSourceToFlagPb(&f.TokenExchange),
+		ImprovedPerformance:            featureSourceToImprovedPerformanceFlagPb(&f.ImprovedPerformance),
+		OidcSingleV1SessionTermination: featureSourceToFlagPb(&f.OIDCSingleV1SessionTermination),
 	}
 }

 func instanceFeaturesToCommand(req *feature_pb.SetInstanceFeaturesRequest) *command.InstanceFeatures {
 	return &command.InstanceFeatures{
-		LoginDefaultOrg:                 req.LoginDefaultOrg,
-		TriggerIntrospectionProjections: req.OidcTriggerIntrospectionProjections,
-		UserSchema:                      req.UserSchema,
-		TokenExchange:                   req.OidcTokenExchange,
-		ImprovedPerformance:             improvedPerformanceListToDomain(req.ImprovedPerformance),
-		DebugOIDCParentError:            req.DebugOidcParentError,
-		OIDCSingleV1SessionTermination:  req.OidcSingleV1SessionTermination,
+		LoginDefaultOrg:                req.LoginDefaultOrg,
+		UserSchema:                     req.UserSchema,
+		TokenExchange:                  req.OidcTokenExchange,
+		ImprovedPerformance:            improvedPerformanceListToDomain(req.ImprovedPerformance),
+		DebugOIDCParentError:           req.DebugOidcParentError,
+		OIDCSingleV1SessionTermination: req.OidcSingleV1SessionTermination,
 	}
 }

 func instanceFeaturesToPb(f *query.InstanceFeatures) *feature_pb.GetInstanceFeaturesResponse {
 	return &feature_pb.GetInstanceFeaturesResponse{
-		Details:                             object.DomainToDetailsPb(f.Details),
-		LoginDefaultOrg:                     featureSourceToFlagPb(&f.LoginDefaultOrg),
-		OidcTriggerIntrospectionProjections: featureSourceToFlagPb(&f.TriggerIntrospectionProjections),
-		UserSchema:                          featureSourceToFlagPb(&f.UserSchema),
-		OidcTokenExchange:                   featureSourceToFlagPb(&f.TokenExchange),
-		ImprovedPerformance:                 featureSourceToImprovedPerformanceFlagPb(&f.ImprovedPerformance),
-		DebugOidcParentError:                featureSourceToFlagPb(&f.DebugOIDCParentError),
-		OidcSingleV1SessionTermination:      featureSourceToFlagPb(&f.OIDCSingleV1SessionTermination),
+		Details:                        object.DomainToDetailsPb(f.Details),
+		LoginDefaultOrg:                featureSourceToFlagPb(&f.LoginDefaultOrg),
+		UserSchema:                     featureSourceToFlagPb(&f.UserSchema),
+		OidcTokenExchange:              featureSourceToFlagPb(&f.TokenExchange),
+		ImprovedPerformance:            featureSourceToImprovedPerformanceFlagPb(&f.ImprovedPerformance),
+		DebugOidcParentError:           featureSourceToFlagPb(&f.DebugOIDCParentError),
+		OidcSingleV1SessionTermination: featureSourceToFlagPb(&f.OIDCSingleV1SessionTermination),
 	}
 }

--- a/internal/api/grpc/feature/v2beta/converter_test.go
+++ b/internal/api/grpc/feature/v2beta/converter_test.go
@@ -18,20 +18,18 @@ import (

 func Test_systemFeaturesToCommand(t *testing.T) {
 	arg := &feature_pb.SetSystemFeaturesRequest{
-		LoginDefaultOrg:                     gu.Ptr(true),
-		OidcTriggerIntrospectionProjections: gu.Ptr(false),
-		UserSchema:                          gu.Ptr(true),
-		OidcTokenExchange:                   gu.Ptr(true),
-		ImprovedPerformance:                 nil,
-		OidcSingleV1SessionTermination:      gu.Ptr(true),
+		LoginDefaultOrg:                gu.Ptr(true),
+		UserSchema:                     gu.Ptr(true),
+		OidcTokenExchange:              gu.Ptr(true),
+		ImprovedPerformance:            nil,
+		OidcSingleV1SessionTermination: gu.Ptr(true),
 	}
 	want := &command.SystemFeatures{
-		LoginDefaultOrg:                 gu.Ptr(true),
-		TriggerIntrospectionProjections: gu.Ptr(false),
-		UserSchema:                      gu.Ptr(true),
-		TokenExchange:                   gu.Ptr(true),
-		ImprovedPerformance:             nil,
-		OIDCSingleV1SessionTermination:  gu.Ptr(true),
+		LoginDefaultOrg:                gu.Ptr(true),
+		UserSchema:                     gu.Ptr(true),
+		TokenExchange:                  gu.Ptr(true),
+		ImprovedPerformance:            nil,
+		OIDCSingleV1SessionTermination: gu.Ptr(true),
 	}
 	got := systemFeaturesToCommand(arg)
 	assert.Equal(t, want, got)
@@ -48,10 +46,6 @@ func Test_systemFeaturesToPb(t *testing.T) {
 			Level: feature.LevelSystem,
 			Value: true,
 		},
-		TriggerIntrospectionProjections: query.FeatureSource[bool]{
-			Level: feature.LevelUnspecified,
-			Value: false,
-		},
 		UserSchema: query.FeatureSource[bool]{
 			Level: feature.LevelSystem,
 			Value: true,
@@ -79,10 +73,6 @@ func Test_systemFeaturesToPb(t *testing.T) {
 			Enabled: true,
 			Source:  feature_pb.Source_SOURCE_SYSTEM,
 		},
-		OidcTriggerIntrospectionProjections: &feature_pb.FeatureFlag{
-			Enabled: false,
-			Source:  feature_pb.Source_SOURCE_UNSPECIFIED,
-		},
 		UserSchema: &feature_pb.FeatureFlag{
 			Enabled: true,
 			Source:  feature_pb.Source_SOURCE_SYSTEM,
@@ -106,20 +96,18 @@ func Test_systemFeaturesToPb(t *testing.T) {

 func Test_instanceFeaturesToCommand(t *testing.T) {
 	arg := &feature_pb.SetInstanceFeaturesRequest{
-		LoginDefaultOrg:                     gu.Ptr(true),
-		OidcTriggerIntrospectionProjections: gu.Ptr(false),
-		UserSchema:                          gu.Ptr(true),
-		OidcTokenExchange:                   gu.Ptr(true),
-		ImprovedPerformance:                 nil,
-		OidcSingleV1SessionTermination:      gu.Ptr(true),
+		LoginDefaultOrg:                gu.Ptr(true),
+		UserSchema:                     gu.Ptr(true),
+		OidcTokenExchange:              gu.Ptr(true),
+		ImprovedPerformance:            nil,
+		OidcSingleV1SessionTermination: gu.Ptr(true),
 	}
 	want := &command.InstanceFeatures{
-		LoginDefaultOrg:                 gu.Ptr(true),
-		TriggerIntrospectionProjections: gu.Ptr(false),
-		UserSchema:                      gu.Ptr(true),
-		TokenExchange:                   gu.Ptr(true),
-		ImprovedPerformance:             nil,
-		OIDCSingleV1SessionTermination:  gu.Ptr(true),
+		LoginDefaultOrg:                gu.Ptr(true),
+		UserSchema:                     gu.Ptr(true),
+		TokenExchange:                  gu.Ptr(true),
+		ImprovedPerformance:            nil,
+		OIDCSingleV1SessionTermination: gu.Ptr(true),
 	}
 	got := instanceFeaturesToCommand(arg)
 	assert.Equal(t, want, got)
@@ -136,10 +124,6 @@ func Test_instanceFeaturesToPb(t *testing.T) {
 			Level: feature.LevelSystem,
 			Value: true,
 		},
-		TriggerIntrospectionProjections: query.FeatureSource[bool]{
-			Level: feature.LevelUnspecified,
-			Value: false,
-		},
 		UserSchema: query.FeatureSource[bool]{
 			Level: feature.LevelInstance,
 			Value: true,
@@ -167,10 +151,6 @@ func Test_instanceFeaturesToPb(t *testing.T) {
 			Enabled: true,
 			Source:  feature_pb.Source_SOURCE_SYSTEM,
 		},
-		OidcTriggerIntrospectionProjections: &feature_pb.FeatureFlag{
-			Enabled: false,
-			Source:  feature_pb.Source_SOURCE_UNSPECIFIED,
-		},
 		UserSchema: &feature_pb.FeatureFlag{
 			Enabled: true,
 			Source:  feature_pb.Source_SOURCE_INSTANCE,
--- a/internal/api/grpc/feature/v2beta/integration_test/feature_test.go
+++ b/internal/api/grpc/feature/v2beta/integration_test/feature_test.go
@@ -61,7 +61,7 @@ func TestServer_SetInstanceFeatures(t *testing.T) {
 			args: args{
 				ctx: OrgCTX,
 				req: &feature.SetInstanceFeaturesRequest{
-					OidcTriggerIntrospectionProjections: gu.Ptr(true),
+					LoginDefaultOrg: gu.Ptr(true),
 				},
 			},
 			wantErr: true,
@@ -79,7 +79,7 @@ func TestServer_SetInstanceFeatures(t *testing.T) {
 			args: args{
 				ctx: IamCTX,
 				req: &feature.SetInstanceFeaturesRequest{
-					OidcTriggerIntrospectionProjections: gu.Ptr(true),
+					LoginDefaultOrg: gu.Ptr(true),
 				},
 			},
 			want: &feature.SetInstanceFeaturesResponse{
@@ -190,10 +190,6 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 					Enabled: false,
 					Source:  feature.Source_SOURCE_UNSPECIFIED,
 				},
-				OidcTriggerIntrospectionProjections: &feature.FeatureFlag{
-					Enabled: false,
-					Source:  feature.Source_SOURCE_UNSPECIFIED,
-				},
 				UserSchema: &feature.FeatureFlag{
 					Enabled: false,
 					Source:  feature.Source_SOURCE_UNSPECIFIED,
@@ -204,9 +200,8 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 			name: "some features, no inheritance",
 			prepare: func(t *testing.T) {
 				_, err := Client.SetInstanceFeatures(IamCTX, &feature.SetInstanceFeaturesRequest{
-					LoginDefaultOrg:                     gu.Ptr(true),
-					OidcTriggerIntrospectionProjections: gu.Ptr(false),
-					UserSchema:                          gu.Ptr(true),
+					LoginDefaultOrg: gu.Ptr(true),
+					UserSchema:      gu.Ptr(true),
 				})
 				require.NoError(t, err)
 			},
@@ -219,10 +214,6 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 					Enabled: true,
 					Source:  feature.Source_SOURCE_INSTANCE,
 				},
-				OidcTriggerIntrospectionProjections: &feature.FeatureFlag{
-					Enabled: false,
-					Source:  feature.Source_SOURCE_INSTANCE,
-				},
 				UserSchema: &feature.FeatureFlag{
 					Enabled: true,
 					Source:  feature.Source_SOURCE_INSTANCE,
@@ -248,10 +239,6 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 					Enabled: true,
 					Source:  feature.Source_SOURCE_INSTANCE,
 				},
-				OidcTriggerIntrospectionProjections: &feature.FeatureFlag{
-					Enabled: false,
-					Source:  feature.Source_SOURCE_UNSPECIFIED,
-				},
 				UserSchema: &feature.FeatureFlag{
 					Enabled: false,
 					Source:  feature.Source_SOURCE_UNSPECIFIED,
@@ -276,7 +263,6 @@ func TestServer_GetInstanceFeatures(t *testing.T) {
 			}
 			require.NoError(t, err)
 			assertFeatureFlag(t, tt.want.LoginDefaultOrg, got.LoginDefaultOrg)
-			assertFeatureFlag(t, tt.want.OidcTriggerIntrospectionProjections, got.OidcTriggerIntrospectionProjections)
 			assertFeatureFlag(t, tt.want.UserSchema, got.UserSchema)
 		})
 	}
--- a/internal/api/oidc/access_token.go
+++ b/internal/api/oidc/access_token.go
@@ -11,7 +11,6 @@ import (
 	"github.com/zitadel/oidc/v3/pkg/op"
 	"golang.org/x/text/language"

-	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/query"
@@ -122,7 +121,7 @@ func (s *Server) assertClientScopesForPAT(ctx context.Context, token *accessToke
 	if err != nil {
 		return zerrors.ThrowInternal(err, "OIDC-Cyc78", "Errors.Internal")
 	}
-	roles, err := s.query.SearchProjectRoles(ctx, authz.GetFeatures(ctx).TriggerIntrospectionProjections, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectIDQuery}}, nil)
+	roles, err := s.query.SearchProjectRoles(ctx, false, &query.ProjectRoleSearchQueries{Queries: []query.SearchQuery{projectIDQuery}}, nil)
 	if err != nil {
 		return err
 	}
--- a/internal/api/oidc/integration_test/userinfo_test.go
+++ b/internal/api/oidc/integration_test/userinfo_test.go
@@ -18,48 +18,11 @@ import (
 	oidc_api "github.com/zitadel/zitadel/internal/api/oidc"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/integration"
-	"github.com/zitadel/zitadel/pkg/grpc/feature/v2"
 	"github.com/zitadel/zitadel/pkg/grpc/management"
 	oidc_pb "github.com/zitadel/zitadel/pkg/grpc/oidc/v2"
 )

-// TestServer_UserInfo is a top-level test which re-executes the actual
-// userinfo integration test against a matrix of different feature flags.
-// This ensure that the response of the different implementations remains the same.
 func TestServer_UserInfo(t *testing.T) {
-	iamOwnerCTX := Instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
-	t.Cleanup(func() {
-		_, err := Instance.Client.FeatureV2.ResetInstanceFeatures(iamOwnerCTX, &feature.ResetInstanceFeaturesRequest{})
-		require.NoError(t, err)
-	})
-	tests := []struct {
-		name    string
-		trigger bool
-	}{
-		{
-			name:    "trigger enabled",
-			trigger: true,
-		},
-		{
-			name:    "trigger disabled",
-			trigger: false,
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			_, err := Instance.Client.FeatureV2.SetInstanceFeatures(iamOwnerCTX, &feature.SetInstanceFeaturesRequest{
-				OidcTriggerIntrospectionProjections: &tt.trigger,
-			})
-			require.NoError(t, err)
-			testServer_UserInfo(t)
-		})
-	}
-}
-
-// testServer_UserInfo is the actual userinfo integration test,
-// which calls the userinfo endpoint with different client configurations, roles and token scopes.
-func testServer_UserInfo(t *testing.T) {
 	const (
 		roleFoo = "foo"
 		roleBar = "bar"
--- a/internal/api/oidc/introspect.go
+++ b/internal/api/oidc/introspect.go
@@ -23,12 +23,6 @@ func (s *Server) Introspect(ctx context.Context, r *op.Request[op.IntrospectionR
 		err = oidcError(err)
 		span.EndWithError(err)
 	}()
-
-	features := authz.GetFeatures(ctx)
-	if features.TriggerIntrospectionProjections {
-		query.TriggerIntrospectionProjections(ctx)
-	}
-
 	ctx, cancel := context.WithCancel(ctx)
 	defer cancel()

--- a/internal/api/oidc/userinfo.go
+++ b/internal/api/oidc/userinfo.go
@@ -33,12 +33,6 @@ func (s *Server) UserInfo(ctx context.Context, r *op.Request[oidc.UserInfoReques
 		err = oidcError(err)
 		span.EndWithError(err)
 	}()
-
-	features := authz.GetFeatures(ctx)
-	if features.TriggerIntrospectionProjections {
-		query.TriggerOIDCUserInfoProjections(ctx)
-	}
-
 	token, err := s.verifyAccessToken(ctx, r.Data.AccessToken)
 	if err != nil {
 		return nil, op.NewStatusError(oidc.ErrAccessDenied().WithDescription("access token invalid").WithParent(err).WithReturnParentToClient(authz.GetFeatures(ctx).DebugOIDCParentError), http.StatusUnauthorized)