Skip to content

Client library: prefer token-embedded resource_access over per-request userinfo; define caching strategy #116

Description

@windischb

Modgud.Client.AspNetCore (UserInfoEnricher) currently calls /connect/userinfo on every authenticated request (hooked on JwtBearerEvents.OnTokenValidated, no caching; fails open on IdP outage). Meanwhile resource_access has been baked into access tokens at issuance for some time, so for JWT clients the round-trip is usually redundant.

Task:

  1. Reconstruct the intended design from the git history of the client library and the token-baking change (this behavior has been revised several times; the current state may not reflect the last decision).
  2. Decide and implement the target behavior, e.g.: use the token-embedded resource_access when present; fall back to userinfo only for tokens without it; optionally add a bounded cache with a documented staleness guarantee.
  3. Document the resulting profiles (stateless JWT / reference+introspection / cached refresh) with their security, availability and freshness guarantees in docs/integrate/resource-server.md.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions