feat(oidc): optimize the userinfo endpoint (#7706)

* feat(oidc): optimize the userinfo endpoint * store project ID in the access token * query for projectID if not in token * add scope based tests * Revert "store project ID in the access token" This reverts commit 5f0262f239. * query project role assertion * use project role assertion setting to return roles * workaround eventual consistency and handle PAT * do not append empty project id
2025-08-12 12:27:33 +00:00 · 2024-04-09 16:15:35 +03:00
parent c8e0b30e17
commit 6a51c4b0f5
25 changed files with 528 additions and 159 deletions
--- a/internal/query/testdata/oidc_client_no_settings.json
+++ b/internal/query/testdata/oidc_client_no_settings.json
@@ -1,6 +1,7 @@
 {
  "instance_id": "239520764275982338",
  "app_id": "239520764276441090",
+  "state": 1,
  "client_id": "239520764779364354@zitadel",
  "client_secret": null,
  "redirect_uris": [
@@ -23,7 +24,7 @@
  "clock_skew": 0,
  "additional_origins": null,
  "project_id": "239520764276178946",
-  "state": 1,
+  "project_role_assertion": false,
  "project_role_keys": null,
  "public_keys": null,
  "settings": null