perf(oidc): optimize the introspection endpoint (#6909)

* get key by id and cache them * userinfo from events for v2 tokens * improve keyset caching * concurrent token and client checks * client and project in single query * logging and otel * drop owner_removed column on apps and authN tables * userinfo and project roles in go routines * get oidc user info from projections and add actions * add avatar URL * some cleanup * pull oidc work branch * remove storage from server * add config flag for experimental introspection * legacy introspection flag * drop owner_removed column on user projections * drop owner_removed column on useer_metadata * query userinfo unit test * query introspection client test * add user_grants to the userinfo query * handle PAT scopes * bring triggers back * test instance keys query * add userinfo unit tests * unit test keys * go mod tidy * solve some bugs * fix missing preferred login name * do not run triggers in go routines, they seem to deadlock * initialize the trigger handlers late with a sync.OnceValue * Revert "do not run triggers in go routines, they seem to deadlock" This reverts commit 2a03da2127. * add missing translations * chore: update go version for linting * pin oidc version * parse a global time location for query test * fix linter complains * upgrade go lint * fix more linting issues --------- Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2025-08-11 21:27:42 +00:00 · 2023-11-21 14:11:38 +02:00
parent ad3563d58b
commit ba9b807854
103 changed files with 3528 additions and 808 deletions
--- a/internal/query/user_grant.go
+++ b/internal/query/user_grant.go
@@ -22,32 +22,32 @@ import (

 type UserGrant struct {
 	// ID represents the aggregate id (id of the user grant)
-	ID           string
-	CreationDate time.Time
-	ChangeDate   time.Time
-	Sequence     uint64
-	Roles        database.TextArray[string]
+	ID           string                     `json:"id,omitempty"`
+	CreationDate time.Time                  `json:"creation_date,omitempty"`
+	ChangeDate   time.Time                  `json:"change_date,omitempty"`
+	Sequence     uint64                     `json:"sequence,omitempty"`
+	Roles        database.TextArray[string] `json:"roles,omitempty"`
 	// GrantID represents the project grant id
-	GrantID string
-	State   domain.UserGrantState
+	GrantID string                `json:"grant_id,omitempty"`
+	State   domain.UserGrantState `json:"state,omitempty"`

-	UserID             string
-	Username           string
-	UserType           domain.UserType
-	UserResourceOwner  string
-	FirstName          string
-	LastName           string
-	Email              string
-	DisplayName        string
-	AvatarURL          string
-	PreferredLoginName string
+	UserID             string          `json:"user_id,omitempty"`
+	Username           string          `json:"username,omitempty"`
+	UserType           domain.UserType `json:"user_type,omitempty"`
+	UserResourceOwner  string          `json:"user_resource_owner,omitempty"`
+	FirstName          string          `json:"first_name,omitempty"`
+	LastName           string          `json:"last_name,omitempty"`
+	Email              string          `json:"email,omitempty"`
+	DisplayName        string          `json:"display_name,omitempty"`
+	AvatarURL          string          `json:"avatar_url,omitempty"`
+	PreferredLoginName string          `json:"preferred_login_name,omitempty"`

-	ResourceOwner    string
-	OrgName          string
-	OrgPrimaryDomain string
+	ResourceOwner    string `json:"resource_owner,omitempty"`
+	OrgName          string `json:"org_name,omitempty"`
+	OrgPrimaryDomain string `json:"org_primary_domain,omitempty"`

-	ProjectID   string
-	ProjectName string
+	ProjectID   string `json:"project_id,omitempty"`
+	ProjectName string `json:"project_name,omitempty"`
 }

 type UserGrants struct {