feat(oidc): optimize the userinfo endpoint (#7706)

* feat(oidc): optimize the userinfo endpoint * store project ID in the access token * query for projectID if not in token * add scope based tests * Revert "store project ID in the access token" This reverts commit 5f0262f239. * query project role assertion * use project role assertion setting to return roles * workaround eventual consistency and handle PAT * do not append empty project id
2025-08-11 21:17:32 +00:00 · 2024-04-09 16:15:35 +03:00
parent c8e0b30e17
commit 6a51c4b0f5
25 changed files with 528 additions and 159 deletions
--- a/internal/query/oidc_client.go
+++ b/internal/query/oidc_client.go
@@ -35,11 +35,12 @@ type OIDCClient struct {
 	AdditionalOrigins        []string                   `json:"additional_origins,omitempty"`
 	PublicKeys               map[string][]byte          `json:"public_keys,omitempty"`
 	ProjectID                string                     `json:"project_id,omitempty"`
+	ProjectRoleAssertion     bool                       `json:"project_role_assertion,omitempty"`
 	ProjectRoleKeys          []string                   `json:"project_role_keys,omitempty"`
 	Settings                 *OIDCSettings              `json:"settings,omitempty"`
 }

-//go:embed embed/oidc_client_by_id.sql
+//go:embed oidc_client_by_id.sql
 var oidcClientQuery string

 func (q *Queries) GetOIDCClientByID(ctx context.Context, clientID string, getKeys bool) (client *OIDCClient, err error) {