mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-12 11:04:25 +00:00
63d733b3a2
# Which Problems Are Solved When executing many concurrent authentication requests on a single machine user, there were performance issues. As the same aggregate is being searched and written to concurrently, we traced it down to a locking issue on the used index. We already optimized the token endpoint by creating a separate OIDC aggregate. At the time we decided to push a single event to the user aggregate, for the user audit log. See [technical advisory 10010](https://zitadel.com/docs/support/advisory/a10010) for more details. However, a recent security fix introduced an additional search query on the user aggregate, causing the locking issue we found. # How the Problems Are Solved Add a feature flag which disables pushing of the `user.token.v2.added`. The event has no importance and was only added for informational purposes on the user objects. The `oidc_session.access_token.added` is the actual payload event and is pushed on the OIDC session aggregate and can still be used for audit trail. # Additional Changes - Fix an event mapper type for `SystemOIDCSingleV1SessionTerminationEventType` # Additional Context - Reported by support request - https://github.com/zitadel/zitadel/pull/7822 changed the token aggregate - https://github.com/zitadel/zitadel/pull/8631 introduced user state check Load test trace graph with `user.token.v2.added` **enabled**. Query times are steadily increasing:  Load test trace graph with `user.token.v2.added` **disabled**. Query times constant:  --------- Co-authored-by: Livio Spring <livio.a@gmail.com> |
||
|---|---|---|
| .. | ||
| action | ||
| asset | ||
| authrequest | ||
| debug_events | ||
| deviceauth | ||
| execution | ||
| feature | ||
| flow | ||
| idp | ||
| idpconfig | ||
| idpintent | ||
| instance | ||
| keypair | ||
| limits | ||
| member | ||
| metadata | ||
| milestone | ||
| oidcsession | ||
| org | ||
| policy | ||
| project | ||
| pseudo | ||
| quota | ||
| restrictions | ||
| session | ||
| settings | ||
| target | ||
| user | ||
| usergrant | ||
| webkey | ||