The permission backend previously resolved userInfo and minted a plugin
request token sequentially for every authorize request with user
credentials. On high-traffic endpoints this meant two serial internal
HTTP round-trips per request, even when the same user made many
requests in quick succession.
This change:
1. Adds a 5-second TTL cache to DefaultUserInfoService so that repeated
getUserInfo() calls for the same user return the cached result
without an HTTP call to the auth backend.
2. Parallelises the getUserInfo() and getPluginRequestToken() calls in
the permission backend's handleRequest via Promise.all, saving one
sequential round-trip on cache misses.
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
Fredrik Adelöw
2f0519cba3