mirror of
https://github.com/zitadel/zitadel.git
synced 2025-01-05 14:37:45 +00:00
58a7eb1f26
# Which Problems Are Solved Improve performance by removing a GetUserByID call. The call also executed a Trigger on projections, which significantly impacted concurrent requests. # How the Problems Are Solved Token creation needs information from the user, such as the resource owner and access token type. For client credentials this is solved in a single search. By getting the user by username (`client_id`), the user details and secret were obtained in a single query. After that verification and token creation can proceed. For JWT profile it is a bit more complex. We didn't know anything about the user until after JWT verification. The verification did a query for the AuthN key and after that we did a GetUserByID to get remaining details. This change uses a joined query when the OIDC library calls the `GetKeyByIDAndClientID` method on the token storage. The found user details are set to the verifieer object and returned after verification is completed. It is safe because the `jwtProfileKeyStorage` is a single-use object as a wrapper around `query.Queries`. This way getting the public key and user details are obtained in a single query. # Additional Changes - Correctly set the `client_id` field with machine's username. # Additional Context - Related to: https://github.com/zitadel/zitadel/issues/8352
12 lines
354 B
SQL
12 lines
354 B
SQL
select u.id as user_id, u.resource_owner, u.username, m.access_token_type, k.public_key
|
|
from projections.authn_keys2 k
|
|
join projections.users13 u
|
|
on k.instance_id = u.instance_id
|
|
and k.identifier = u.id
|
|
join projections.users13_machines m
|
|
on u.instance_id = m.instance_id
|
|
and u.id = m.user_id
|
|
where k.instance_id = $1
|
|
and k.id = $2
|
|
and u.id = $3;
|