TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-03-01 06:07:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
zitadel/internal/query
History
Tim Möhlmann 58a7eb1f26
perf(oidc): remove get user by ID from jwt profile grant (#8580) 
# Which Problems Are Solved

Improve performance by removing a GetUserByID call. The call also
executed a Trigger on projections, which significantly impacted
concurrent requests.

# How the Problems Are Solved

Token creation needs information from the user, such as the resource
owner and access token type.

For client credentials this is solved in a single search. By getting the
user by username (`client_id`), the user details and secret were
obtained in a single query. After that verification and token creation
can proceed. For JWT profile it is a bit more complex. We didn't know
anything about the user until after JWT verification.
The verification did a query for the AuthN key and after that we did a
GetUserByID to get remaining details.

This change uses a joined query when the OIDC library calls the
`GetKeyByIDAndClientID` method on the token storage. The found user
details are set to the verifieer object and returned after verification
is completed.
It is safe because the `jwtProfileKeyStorage` is a single-use object as
a wrapper around `query.Queries`.
This way getting the public key and user details are obtained in a
single query.

# Additional Changes

- Correctly set the `client_id` field with machine's username.

# Additional Context

- Related to: https://github.com/zitadel/zitadel/issues/8352
2024-09-11 12:04:09 +03:00
..
projection
feat: add debug events API (#8533)
2024-09-11 08:24:00 +00:00
testdata
feat(6222): remove @ and project from OIDC client ID (#8178)
2024-07-04 08:31:40 +00:00
access_token.go
fix(eventstore): precise decimal (#8527)
2024-09-06 12:19:19 +03:00
action_flow_test.go
perf: remove owner removed columns from projections for oidc (#6925)
2023-11-20 17:21:08 +02:00
action_flow.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
action_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
action.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
app_test.go
feat(crypto): use passwap for machine and app secrets (#7657)
2024-04-05 09:35:49 +00:00
app.go
fix(query): reduce app query overhead (#7817)
2024-04-22 11:30:56 +02:00
auth_request_by_id.sql
feat(oidc): optimize the userinfo endpoint (#7706)
2024-04-09 15:15:35 +02:00
auth_request_test.go
chore: use pgx v5 (#7577)
2024-03-27 15:48:22 +02:00
auth_request.go
feat(oidc): optimize the userinfo endpoint (#7706)
2024-04-09 15:15:35 +02:00
authn_key_test.go
perf(oidc): remove get user by ID from jwt profile grant (#8580)
2024-09-11 12:04:09 +03:00
authn_key_user.sql
perf(oidc): remove get user by ID from jwt profile grant (#8580)
2024-09-11 12:04:09 +03:00
authn_key.go
perf(oidc): remove get user by ID from jwt profile grant (#8580)
2024-09-11 12:04:09 +03:00
certificate_test.go
feat(v3alpha): web key resource (#8262)
2024-08-14 14:18:14 +00:00
certificate.go
feat(v3alpha): web key resource (#8262)
2024-08-14 14:18:14 +00:00
converter.go
feat(api): feature flags (#7356)
2024-02-28 10:55:54 +02:00
current_state_test.go
fix(eventstore): precise decimal (#8527)
2024-09-06 12:19:19 +03:00
current_state.go
fix(eventstore): precise decimal (#8527)
2024-09-06 12:19:19 +03:00
custom_text_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
custom_text.go
fix: automatically link user without prompt (#8487)
2024-08-28 05:33:20 +00:00
debug_events_state_by_id.sql
feat: add debug events API (#8533)
2024-09-11 08:24:00 +00:00
debug_events_states.sql
feat: add debug events API (#8533)
2024-09-11 08:24:00 +00:00
debug_events.go
feat: add debug events API (#8533)
2024-09-11 08:24:00 +00:00
device_auth_test.go
perf(oidc): optimize token creation (#7822)
2024-05-16 07:07:56 +02:00
device_auth.go
perf(oidc): optimize token creation (#7822)
2024-05-16 07:07:56 +02:00
domain_policy_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
domain_policy.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
event.go
chore: remove bloating span (#7780)
2024-04-16 11:19:17 +00:00
execution_targets.sql
feat: add action v2 execution on requests and responses (#7637)
2024-05-04 11:55:57 +02:00
execution_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
execution.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
failed_events_test.go
feat(eventstore): increase parallel write capabilities (#5940)
2023-10-19 12:19:10 +02:00
failed_events.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
generic.go
feat: query side for executions and targets for actions v2 (#7524)
2024-03-14 09:56:23 +00:00
iam_member_test.go
feat: password age policy (#8132)
2024-06-18 11:27:44 +00:00
iam_member.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
idp_login_policy_link_test.go
feat(idp): provide option to auto link user (#7734)
2024-04-10 15:46:30 +00:00
idp_login_policy_link.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
idp_template_test.go
feat(saml): allow setting nameid-format and alternative mapping for transient format (#7979)
2024-05-23 05:04:07 +00:00
idp_template.go
feat: idp v2 api GetIDPByID (#8425)
2024-08-14 18:18:29 +00:00
idp_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
idp_user_link_test.go
fix: generalise permission check for query user information (#8458)
2024-08-23 06:44:18 +00:00
idp_user_link.go
fix: generalise permission check for query user information (#8458)
2024-08-23 06:44:18 +00:00
idp.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
instance_by_domain.sql
feat: trusted (instance) domains (#8369)
2024-07-31 18:00:38 +03:00
instance_by_id.sql
fix: assign instance ID to aggregate ID when converting from v1 to v2 feature (#7505)
2024-03-05 16:12:49 +01:00
instance_domain_test.go
feat(storage): read only transactions for queries (#6415)
2023-08-22 10:49:22 +00:00
instance_domain.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
instance_features_model.go
feat(oidc): end session by id_token_hint and without cookie (#8542)
2024-09-04 10:14:50 +00:00
instance_features_test.go
fix: add action v2 execution to features (#7597)
2024-04-09 20:21:21 +03:00
instance_features.go
feat(oidc): end session by id_token_hint and without cookie (#8542)
2024-09-04 10:14:50 +00:00
instance_test.go
feat(api): feature flags (#7356)
2024-02-28 10:55:54 +02:00
instance_trusted_domain_test.go
feat: trusted (instance) domains (#8369)
2024-07-31 18:00:38 +03:00
instance_trusted_domain.go
feat: trusted (instance) domains (#8369)
2024-07-31 18:00:38 +03:00
instance.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
introspection_client_by_id.sql
feat(oidc): optimize the userinfo endpoint (#7706)
2024-04-09 15:15:35 +02:00
introspection_test.go
feat(oidc): optimize the userinfo endpoint (#7706)
2024-04-09 15:15:35 +02:00
introspection.go
feat(oidc): optimize the userinfo endpoint (#7706)
2024-04-09 15:15:35 +02:00
key_test.go
feat(v3alpha): web key resource (#8262)
2024-08-14 14:18:14 +00:00
key.go
feat(v3alpha): web key resource (#8262)
2024-08-14 14:18:14 +00:00
label_policy.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
lockout_policy_test.go
feat: provide option to limit (T)OTP checks (#7693)
2024-04-10 09:14:55 +00:00
lockout_policy.go
feat: provide option to limit (T)OTP checks (#7693)
2024-04-10 09:14:55 +00:00
login_name.go
perf: remove owner removed columns from projections for oidc (#6925)
2023-11-20 17:21:08 +02:00
login_policy_test.go
chore: use pgx v5 (#7577)
2024-03-27 15:48:22 +02:00
login_policy.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
mail_template.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
member_roles.go
fix(query): realtime data on defined requests (#3726)
2022-06-14 07:51:00 +02:00
member.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
message_text_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
message_text.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
milestone_test.go
feat(storage): read only transactions for queries (#6415)
2023-08-22 10:49:22 +00:00
milestone.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
notification_policy_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
notification_policy.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
notification_provider_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
notification_provider.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
oidc_client_by_id.sql
feat(oidc): optimize the userinfo endpoint (#7706)
2024-04-09 15:15:35 +02:00
oidc_client_test.go
feat(6222): remove @ and project from OIDC client ID (#8178)
2024-07-04 08:31:40 +00:00
oidc_client.go
feat: trusted (instance) domains (#8369)
2024-07-31 18:00:38 +03:00
oidc_settings_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
oidc_settings.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
org_domain_test.go
feat(storage): read only transactions for queries (#6415)
2023-08-22 10:49:22 +00:00
org_domain.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
org_member_test.go
feat: password age policy (#8132)
2024-06-18 11:27:44 +00:00
org_member.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
org_metadata_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
org_metadata.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
org_test.go
fix: generalise permission check for query user information (#8458)
2024-08-23 06:44:18 +00:00
org.go
feat: org v2 ListOrganizations (#8411)
2024-08-15 06:37:06 +02:00
password_age_policy_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
password_age_policy.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
password_complexity_policy_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
password_complexity_policy.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
prepare_test.go
chore: use pgx v5 (#7577)
2024-03-27 15:48:22 +02:00
privacy_policy_test.go
feat(cnsl): docs link can be customized and custom button is available (#7840)
2024-05-13 16:01:50 +02:00
privacy_policy.go
feat(cnsl): docs link can be customized and custom button is available (#7840)
2024-05-13 16:01:50 +02:00
project_grant_member_test.go
feat: password age policy (#8132)
2024-06-18 11:27:44 +00:00
project_grant_member.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
project_grant_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
project_grant.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
project_member_test.go
feat: password age policy (#8132)
2024-06-18 11:27:44 +00:00
project_member.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
project_role_test.go
perf: remove owner removed columns from projections for oidc (#6925)
2023-11-20 17:21:08 +02:00
project_role.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
project_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
project.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
query_test.go
fix(setup): init projections (#7194)
2024-01-25 17:28:20 +01:00
query.go
feat(cmd): mirror (#7004)
2024-05-30 09:35:30 +00:00
quota_notifications_test.go
perf: project quotas and usages (#6441)
2023-09-15 16:58:45 +02:00
quota_notifications.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
quota_periods_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
quota_periods.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
quota_test.go
chore: use pgx v5 (#7577)
2024-03-27 15:48:22 +02:00
quota.go
chore: use pgx v5 (#7577)
2024-03-27 15:48:22 +02:00
restrictions_test.go
fix: projection version of restrictions (#7028)
2023-12-06 10:30:56 +00:00
restrictions.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
search_query_test.go
feat: add action v2 execution on requests and responses (#7637)
2024-05-04 11:55:57 +02:00
search_query.go
feat: add action v2 execution on requests and responses (#7637)
2024-05-04 11:55:57 +02:00
secret_generator_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
secret_generators.go
fix(query): print log line on secret generator error (#8424)
2024-08-13 14:52:43 +02:00
security_policy.go
feat: impersonation roles (#7442)
2024-02-28 10:21:11 +00:00
session.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
sessions_test.go
feat: password age policy (#8132)
2024-06-18 11:27:44 +00:00
sms_test.go
feat: add http as sms provider (#8540)
2024-09-06 13:11:36 +00:00
sms.go
feat: add http as sms provider (#8540)
2024-09-06 13:11:36 +00:00
smtp_test.go
feat: SMTP Templates (#6932)
2024-04-11 09:16:10 +02:00
smtp.go
feat: SMTP Templates (#6932)
2024-04-11 09:16:10 +02:00
system_features_model.go
feat(oidc): end session by id_token_hint and without cookie (#8542)
2024-09-04 10:14:50 +00:00
system_features_test.go
fix: add action v2 execution to features (#7597)
2024-04-09 20:21:21 +03:00
system_features.go
feat(oidc): end session by id_token_hint and without cookie (#8542)
2024-09-04 10:14:50 +00:00
target_test.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
target.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
targets_by_execution_id.sql
fix(actions): correct statements to query targets (#8006)
2024-05-24 14:13:36 +00:00
targets_by_execution_ids.sql
fix(actions): correct statements to query targets (#8006)
2024-05-24 14:13:36 +00:00
user_auth_method_test.go
fix: generalise permission check for query user information (#8458)
2024-08-23 06:44:18 +00:00
user_auth_method.go
fix: generalise permission check for query user information (#8458)
2024-08-23 06:44:18 +00:00
user_by_id.sql
feat: password age policy (#8132)
2024-06-18 11:27:44 +00:00
user_by_login_name.sql
feat: password age policy (#8132)
2024-06-18 11:27:44 +00:00
user_grant_test.go
feat: password age policy (#8132)
2024-06-18 11:27:44 +00:00
user_grant.go
fix(eventstore): precise decimal (#8527)
2024-09-06 12:19:19 +03:00
user_membership_test.go
perf: remove owner removed columns from projections for oidc (#6925)
2023-11-20 17:21:08 +02:00
user_membership.go
fix(eventstore): precise decimal (#8527)
2024-09-06 12:19:19 +03:00
user_metadata_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
user_metadata.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
user_notify_by_id.sql
feat: password age policy (#8132)
2024-06-18 11:27:44 +00:00
user_notify_by_login_name.sql
feat: password age policy (#8132)
2024-06-18 11:27:44 +00:00
user_otp.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
user_password.go
feat(crypto): use passwap for machine and app secrets (#7657)
2024-04-05 09:35:49 +00:00
user_personal_access_token_test.go
refactor: rename package errors to zerrors (#7039)
2023-12-08 15:30:55 +01:00
user_personal_access_token.go
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
user_schema_test.go
feat: add schema user create and remove (#8494)
2024-08-28 19:46:45 +00:00
user_schema.go
feat: add schema user create and remove (#8494)
2024-08-28 19:46:45 +00:00
user_test.go
fix: generalise permission check for query user information (#8458)
2024-08-23 06:44:18 +00:00
user.go
fix: generalise permission check for query user information (#8458)
2024-08-23 06:44:18 +00:00
userinfo_by_id.sql
feat: password age policy (#8132)
2024-06-18 11:27:44 +00:00
userinfo_client_by_id.sql
feat(oidc): optimize the userinfo endpoint (#7706)
2024-04-09 15:15:35 +02:00
userinfo_test.go
feat(oidc): organization roles scope (#8120)
2024-06-14 10:00:43 +02:00
userinfo.go
feat(oidc): organization roles scope (#8120)
2024-06-14 10:00:43 +02:00
web_key_by_state.sql
fix(webkeys): remove include private key from projection index (#8436)
2024-08-16 11:41:09 +00:00
web_key_list.sql
fix(webkeys): remove include private key from projection index (#8436)
2024-08-16 11:41:09 +00:00
web_key_model.go
feat(v3alpha): web key resource (#8262)
2024-08-14 14:18:14 +00:00
web_key_public_keys.sql
fix(webkeys): remove include private key from projection index (#8436)
2024-08-16 11:41:09 +00:00
web_key_test.go
feat(v3alpha): web key resource (#8262)
2024-08-14 14:18:14 +00:00
web_key.go
feat(v3alpha): web key resource (#8262)
2024-08-14 14:18:14 +00:00
zitadel_permission.go
perf: remove owner removed columns from projections for oidc (#6925)
2023-11-20 17:21:08 +02:00