zitadel/internal
Tim Möhlmann 58a7eb1f26
perf(oidc): remove get user by ID from jwt profile grant (#8580)
# Which Problems Are Solved

Improve performance by removing a GetUserByID call. The call also
executed a Trigger on projections, which significantly impacted
concurrent requests.

# How the Problems Are Solved

Token creation needs information from the user, such as the resource
owner and access token type.

For client credentials this is solved in a single search. By getting the
user by username (`client_id`), the user details and secret were
obtained in a single query. After that verification and token creation
can proceed. For JWT profile it is a bit more complex. We didn't know
anything about the user until after JWT verification.
The verification did a query for the AuthN key and after that we did a
GetUserByID to get remaining details.

This change uses a joined query when the OIDC library calls the
`GetKeyByIDAndClientID` method on the token storage. The found user
details are set to the verifier object and returned after verification
is completed.
It is safe because the `jwtProfileKeyStorage` is a single-use object as
a wrapper around `query.Queries`.
This way the public key and user details are obtained in a
single query.

# Additional Changes

- Correctly set the `client_id` field with the machine's username.

# Additional Context

- Related to: https://github.com/zitadel/zitadel/issues/8352
2024-09-11 12:04:09 +03:00
..
actions
activity
admin/repository/eventsourcing
api perf(oidc): remove get user by ID from jwt profile grant (#8580) 2024-09-11 12:04:09 +03:00
auth/repository fix: check if pw login allowed (#8584) 2024-09-10 12:55:32 +02:00
auth_request/repository
authz fix: internal check of JWT access tokens (#8486) 2024-08-26 09:26:13 +00:00
command feat: add debug events API (#8533) 2024-09-11 08:24:00 +00:00
config
crypto feat(v3alpha): web key resource (#8262) 2024-08-14 14:18:14 +00:00
database fix(eventstore): precise decimal (#8527) 2024-09-06 12:19:19 +03:00
domain feat: add debug events API (#8533) 2024-09-11 08:24:00 +00:00
eventstore feat: add debug events API (#8533) 2024-09-11 08:24:00 +00:00
execution feat: add schema user create and remove (#8494) 2024-08-28 19:46:45 +00:00
feature feat(oidc): end session by id_token_hint and without cookie (#8542) 2024-09-04 10:14:50 +00:00
form
i18n
iam
id
idp
integration chore(test): set connection lifetimes for postgresql (#8586) 2024-09-11 07:45:02 +00:00
logstore
migration
net
notification feat: add http as sms provider (#8540) 2024-09-06 13:11:36 +00:00
org
project
protoc
qrcode
query perf(oidc): remove get user by ID from jwt profile grant (#8580) 2024-09-11 12:04:09 +03:00
renderer
repository feat: add debug events API (#8533) 2024-09-11 08:24:00 +00:00
static feat: add indonesia translation (#8459) 2024-09-03 16:05:47 +00:00
statik
telemetry feat: enable application performance profiling (#8442) 2024-08-16 13:26:53 +00:00
test
user feat(oidc): end session by id_token_hint and without cookie (#8542) 2024-09-04 10:14:50 +00:00
v2 fix(eventstore): precise decimal (#8527) 2024-09-06 12:19:19 +03:00
view/repository
webauthn chore(tests): use a coverage server binary (#8407) 2024-09-06 14:47:57 +02:00
zerrors