[Debt] Add safe auth principal caching with explicit invalidation #260

Open
opened 2026-07-14 00:13:18 +02:00 by zemion · 0 comments
Owner

Current Cost

Every full auth/profile request recomputes principal context even when the user, tenant, role, group, function, delegation, and language state has not changed. Blind caching would be risky because stale permissions are security-sensitive.

Desired Shape

Introduce a small, explicit cache for session/principal summary data only after the fast-session contract and query instrumentation are in place. Invalidation must be tied to access-control and identity-affecting changes.

Constraints

  • Do not cache across tenants incorrectly.
  • Do not serve stale permissions after role, group, system role, tenant membership, function assignment, delegation, identity link, or settings changes.
  • API-key behavior and interactive session behavior may need different cache keys/TTLs.

Checklist

  • Define cacheable principal/session summary fields.
  • Define invalidation events and version keys.
  • Add tests for permission changes invalidating cached context.
  • Keep cache opt-out or short TTL for debugging.

Verification Target

  • Permission mutation tests prove stale grants are not retained.
  • Fast session and full bootstrap timings improve without changing effective scopes.
## Current Cost Every full auth/profile request recomputes principal context even when the user, tenant, role, group, function, delegation, and language state has not changed. Blind caching would be risky because stale permissions are security-sensitive. ## Desired Shape Introduce a small, explicit cache for session/principal summary data only after the fast-session contract and query instrumentation are in place. Invalidation must be tied to access-control and identity-affecting changes. ## Constraints - Do not cache across tenants incorrectly. - Do not serve stale permissions after role, group, system role, tenant membership, function assignment, delegation, identity link, or settings changes. - API-key behavior and interactive session behavior may need different cache keys/TTLs. ## Checklist - [ ] Define cacheable principal/session summary fields. - [ ] Define invalidation events and version keys. - [ ] Add tests for permission changes invalidating cached context. - [ ] Keep cache opt-out or short TTL for debugging. ## Verification Target - Permission mutation tests prove stale grants are not retained. - Fast session and full bootstrap timings improve without changing effective scopes.
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: add-ideas/govoplan-core#260
No description provided.