feat(oidc): optimize the userinfo endpoint (#7706)

* feat(oidc): optimize the userinfo endpoint * store project ID in the access token * query for projectID if not in token * add scope based tests * Revert "store project ID in the access token" This reverts commit 5f0262f239. * query project role assertion * use project role assertion setting to return roles * workaround eventual consistency and handle PAT * do not append empty project id
2025-08-12 10:07:32 +00:00 · 2024-04-09 16:15:35 +03:00
parent c8e0b30e17
commit 6a51c4b0f5
25 changed files with 528 additions and 159 deletions
--- a/internal/query/testdata/oidc_client_secret.json
+++ b/internal/query/testdata/oidc_client_secret.json
@@ -1,6 +1,7 @@
 {
  "instance_id": "230690539048009730",
  "app_id": "236646858984783874",
+  "state": 1,
  "client_id": "236646858984849410@tests",
  "client_secret": "$2a$14$OzZ0XEZZEtD13py/EPba2evsS6WcKZ5orVMj9pWHEGEHmLu2h3PFq",
  "redirect_uris": ["http://localhost:9999/auth/callback"],
@@ -17,7 +18,7 @@
  "clock_skew": 0,
  "additional_origins": null,
  "project_id": "236645808328409090",
-  "state": 1,
+  "project_role_assertion": false,
  "project_role_keys": ["role1", "role2"],
  "public_keys": null,
  "settings": {