From b3e3239d761b94bc1fa3cf495da3aabe4c7a0150 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?=
Date: Wed, 10 Apr 2024 18:05:13 +0300
Subject: [PATCH] chore(oidc): add additional spans to userinfo code paths (#7749)

---
 internal/api/oidc/access_token.go | 6 +++++-
 internal/api/oidc/userinfo.go | 8 +++++++-
 .../auth/repository/eventsourcing/eventstore/token.go | 10 ++++++++--
 internal/auth/repository/eventsourcing/view/token.go | 4 ++++
 4 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/internal/api/oidc/access_token.go b/internal/api/oidc/access_token.go
index b4aca5f929..fce600b62b 100644
--- a/internal/api/oidc/access_token.go
+++ b/internal/api/oidc/access_token.go
@@ -13,6 +13,7 @@ import (
  "github.com/zitadel/zitadel/internal/command"
  "github.com/zitadel/zitadel/internal/domain"
  "github.com/zitadel/zitadel/internal/query"
+ "github.com/zitadel/zitadel/internal/telemetry/tracing"
  "github.com/zitadel/zitadel/internal/user/model"
  "github.com/zitadel/zitadel/internal/zerrors"
 )
@@ -35,7 +36,10 @@ type accessToken struct {
 var ErrInvalidTokenFormat = errors.New("invalid token format")
-func (s *Server) verifyAccessToken(ctx context.Context, tkn string) (*accessToken, error) {
+func (s *Server) verifyAccessToken(ctx context.Context, tkn string) (_ *accessToken, err error) {
+ ctx, span := tracing.NewSpan(ctx)
+ defer func() { span.EndWithError(err) }()
+
  var tokenID, subject string
  if tokenIDSubject, err := s.Provider().Crypto().Decrypt(tkn); err == nil {
diff --git a/internal/api/oidc/userinfo.go b/internal/api/oidc/userinfo.go
index 90a77fa202..e05a1a9f5d 100644
--- a/internal/api/oidc/userinfo.go
+++ b/internal/api/oidc/userinfo.go
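Review bot: The new span in verifyAccessToken wraps the one function that holds the raw bearer token `tkn` and its decrypted `tokenIDSubject`, and the deferred `span.EndWithError(err)` records whatever error a later return path assigns, so an error that embedded token material would be exported to the trace backend; worth a comment beside the span creation, e.g. `// the span must not carry tkn or the decrypted token ID/subject; only err is recorded`, and worth confirming that no error returned from the decrypt/parse path includes the token string. The `err` declared by the `if` initializer on the last hunk line shadows the named result, which is harmless for the span because only values assigned by `return` statements reach the deferred call, but it is easy to misread and could be noted. The same span-plus-defer pattern is applied in userInfo, userinfoFlows, TokenByIDs, getUserEvents and GetLatestTokenSequence in the later hunks; the comment about not attaching token material applies to TokenByIDs as well, which takes `tokenID`. verifyAccessToken's body continues past the end of the hunk.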
@@ -61,6 +61,9 @@ func (s *Server) UserInfo(ctx context.Context, r *op.Request[oidc.UserInfoReques
 }
 func (s *Server) userInfo(ctx context.Context, userID, projectID string, projectRoleAssertion bool, scope, roleAudience []string) (_ *oidc.UserInfo, err error) {
+ ctx, span := tracing.NewSpan(ctx)
+ defer func() { span.EndWithError(err) }()
+
  roleAudience, requestedRoles := prepareRoles(ctx, projectID, projectRoleAssertion, scope, roleAudience)
  qu, err := s.query.GetOIDCUserInfo(ctx, userID, roleAudience)
  if err != nil {
@@ -211,7 +214,10 @@ func setUserInfoRoleClaims(userInfo *oidc.UserInfo, roles *projectsRoles) {
  }
 }
-func (s *Server) userinfoFlows(ctx context.Context, qu *query.OIDCUserInfo, userInfo *oidc.UserInfo) error {
+func (s *Server) userinfoFlows(ctx context.Context, qu *query.OIDCUserInfo, userInfo *oidc.UserInfo) (err error) {
+ ctx, span := tracing.NewSpan(ctx)
+ defer func() { span.EndWithError(err) }()
+
  queriedActions, err := s.query.GetActiveActionsByFlowAndTriggerType(ctx, domain.FlowTypeCustomiseToken, domain.TriggerTypePreUserinfoCreation, qu.User.ResourceOwner)
  if err != nil {
   return err
diff --git a/internal/auth/repository/eventsourcing/eventstore/token.go b/internal/auth/repository/eventsourcing/eventstore/token.go
index ba58dfd4d7..4068a68667 100644
--- a/internal/auth/repository/eventsourcing/eventstore/token.go
+++ b/internal/auth/repository/eventsourcing/eventstore/token.go
@@ -21,7 +21,10 @@ type TokenRepo struct {
  View *view.View
 }
-func (repo *TokenRepo) TokenByIDs(ctx context.Context, userID, tokenID string) (*usr_model.TokenView, error) {
+func (repo *TokenRepo) TokenByIDs(ctx context.Context, userID, tokenID string) (_ *usr_model.TokenView, err error) {
+ ctx, span := tracing.NewSpan(ctx)
+ defer func() { span.EndWithError(err) }()
+
  instanceID := authz.GetInstance(ctx).InstanceID()
  // always load the latest sequence first, so in case the token was not found by id,
@@ -68,7 +71,10 @@ func (repo *TokenRepo) TokenByIDs(ctx context.Context, userID, tokenID string) (
  return model.TokenViewToModel(token), nil
 }
-func (r *TokenRepo) getUserEvents(ctx context.Context, userID, instanceID string, changeDate time.Time, eventTypes []eventstore.EventType) ([]eventstore.Event, error) {
+func (r *TokenRepo) getUserEvents(ctx context.Context, userID, instanceID string, changeDate time.Time, eventTypes []eventstore.EventType) (_ []eventstore.Event, err error) {
+ ctx, span := tracing.NewSpan(ctx)
+ defer func() { span.EndWithError(err) }()
+
  query, err := usr_view.UserByIDQuery(userID, instanceID, changeDate, eventTypes)
  if err != nil {
   return nil, err
diff --git a/internal/auth/repository/eventsourcing/view/token.go b/internal/auth/repository/eventsourcing/view/token.go
index b19f5a69aa..0fe1d6d187 100644
--- a/internal/auth/repository/eventsourcing/view/token.go
+++ b/internal/auth/repository/eventsourcing/view/token.go
@@ -5,6 +5,7 @@ import (
  "github.com/zitadel/zitadel/internal/eventstore"
  "github.com/zitadel/zitadel/internal/query"
+ "github.com/zitadel/zitadel/internal/telemetry/tracing"
  usr_view "github.com/zitadel/zitadel/internal/user/repository/view"
  "github.com/zitadel/zitadel/internal/user/repository/view/model"
  "github.com/zitadel/zitadel/internal/zerrors"
@@ -87,6 +88,9 @@ func (v *View) DeleteOrgTokens(event eventstore.Event) error {
 }
 func (v *View) GetLatestTokenSequence(ctx context.Context, instanceID string) (_ *query.CurrentState, err error) {
+ ctx, span := tracing.NewSpan(ctx)
+ defer func() { span.EndWithError(err) }()
+
  q := &query.CurrentStateSearchQueries{
   Queries: make([]query.SearchQuery, 2),
  }
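Review bot: The rewritten signature of getUserEvents keeps the receiver name `r`, while `TokenByIDs` on the same `*TokenRepo` uses `repo` (visible in this hunk's header and in the previous hunk); since the line is already being changed, `func (repo *TokenRepo) getUserEvents(...)` would keep receiver names consistent across the type, with the body's uses of `r` renamed to match — those uses lie outside the hunk. The top-level `query, err := usr_view.UserByIDQuery(...)` on the line after the added blank line assigns to the named result `err` rather than shadowing it, so the deferred `span.EndWithError(err)` does see a failed query build; a short comment such as `// err is the named result so the span records every return path` would make that dependence explicit for later edits that introduce an inner scope. getUserEvents continues past the end of the hunk.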