fix(oidc): use feature flag to trigger user projections

adlerhurst 2024-08-27 12:20:28 +02:00
parent 1cefa7cb40
commit e486cb4d7b
2 changed files with 6 additions and 5 deletions


@ -91,7 +91,7 @@ func (o *OPStorage) ValidateJWTProfileScopes(ctx context.Context, subject string
err = oidcError(err)
span.EndWithError(err)
}()
user, err := o.query.GetUserByID(ctx, true, subject)
user, err := o.query.GetUserByID(ctx, authz.GetFeatures(ctx).TriggerIntrospectionProjections, subject)
if err != nil {
return nil, err
}
@ -329,7 +329,7 @@ func (o *OPStorage) checkOrgScopes(ctx context.Context, user *query.User, scopes
func (o *OPStorage) setUserinfo(ctx context.Context, userInfo *oidc.UserInfo, userID, applicationID string, scopes []string, roleAudience []string) (err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
user, err := o.query.GetUserByID(ctx, true, userID)
user, err := o.query.GetUserByID(ctx, authz.GetFeatures(ctx).TriggerIntrospectionProjections, userID)
if err != nil {
return err
}
@ -664,7 +664,7 @@ func (o *OPStorage) GetPrivateClaimsFromScopes(ctx context.Context, userID, clie
}
func (o *OPStorage) privateClaimsFlows(ctx context.Context, userID string, userGrants *query.UserGrants, claims map[string]interface{}) (map[string]interface{}, error) {
user, err := o.query.GetUserByID(ctx, true, userID)
user, err := o.query.GetUserByID(ctx, authz.GetFeatures(ctx).TriggerIntrospectionProjections, userID)
if err != nil {
return nil, err
}
@ -852,7 +852,7 @@ func (o *OPStorage) assertUserMetaData(ctx context.Context, userID string) (map[
}
func (o *OPStorage) assertUserResourceOwner(ctx context.Context, userID string) (map[string]string, error) {
user, err := o.query.GetUserByID(ctx, true, userID)
user, err := o.query.GetUserByID(ctx, authz.GetFeatures(ctx).TriggerIntrospectionProjections, userID)
if err != nil {
return nil, err
}
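Review bot: With the flag off, the user lookup in `ValidateJWTProfileScopes` (and likewise in `setUserinfo`, `privateClaimsFlows`, `assertUserResourceOwner`, and `verifyJWTProfile` in the second file) no longer forces the projection trigger. If the second argument means what the commit title suggests, these paths can then read user state that lags behind recent events such as a deactivation or removal. That trade-off deserves a comment at the call sites, for example `// projection is only triggered when the feature flag is set; otherwise the user state read here is eventually consistent`. The flag is named `TriggerIntrospectionProjections` but now also governs the JWT profile grant, userinfo and private-claims paths, which someone toggling it for introspection may not expect; a small helper on `OPStorage` wrapping the lookup would keep the five call sites in step and give that comment one home. All four functions in this file start or end outside their hunks, so how the returned user's state is checked afterwards is not visible here.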


@ -8,6 +8,7 @@ import (
"github.com/zitadel/oidc/v3/pkg/oidc"
"github.com/zitadel/oidc/v3/pkg/op"
"github.com/zitadel/zitadel/internal/api/authz"
"github.com/zitadel/zitadel/internal/crypto"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/query"
@ -65,7 +66,7 @@ func (s *Server) verifyJWTProfile(ctx context.Context, req *oidc.JWTProfileGrant
defer func() { span.EndWithError(err) }()
checkSubject := func(jwt *oidc.JWTTokenRequest) (err error) {
user, err = s.query.GetUserByID(ctx, true, jwt.Subject)
user, err = s.query.GetUserByID(ctx, authz.GetFeatures(ctx).TriggerIntrospectionProjections, jwt.Subject)
return err
}
verifier := op.NewJWTProfileVerifier(