feat(oidc): optimize the userinfo endpoint (#7706)

* feat(oidc): optimize the userinfo endpoint * store project ID in the access token * query for projectID if not in token * add scope based tests * Revert "store project ID in the access token" This reverts commit 5f0262f239. * query project role assertion * use project role assertion setting to return roles * workaround eventual consistency and handle PAT * do not append empty project id
2025-08-11 21:37:32 +00:00 · 2024-04-09 16:15:35 +03:00
parent c8e0b30e17
commit 6a51c4b0f5
25 changed files with 528 additions and 159 deletions
--- a/internal/query/auth_request_by_id.sql
+++ b/internal/query/auth_request_by_id.sql
@@ -0,0 +1,15 @@
+select
+    id,
+    creation_date,
+    login_client,
+    client_id,
+    scope,
+    redirect_uri,
+    prompt,
+    ui_locales,
+    login_hint,
+    max_age,
+    hint_user_id
+from projections.auth_requests %s
+where id = $1 and instance_id = $2
+limit 1;