Description
Describe the issue:
When the JWT token type is configured for the OAuth SP, several repetitive queries are made to IDP tables, specifically the queries below.
(1) SELECT A.NAME, B.NAME, B.DISPLAY_NAME FROM IDP A JOIN IDP_AUTHENTICATOR B ON A.ID = B.IDP_ID WHERE B.ID =? AND ((A.TENANT_ID =? AND B.TENANT_ID =?) OR (A.TENANT_ID=? AND A.NAME LIKE 'SHARED_%' AND B.TENANT_ID=?))
(2) SELECT IS_FEDERATION_HUB FROM IDP WHERE NAME = ? AND TENANT_ID = ?
This happens when the service provider object is retrieved to build the sub [1][2]. During the process,
- IDP information of all the IDPs configured for the step will be retrieved [3], which includes executing the query (1) separately for all the authenticators.
- All the IDP objects will be created, which includes executing the query (2) above separately for each IDP.
This impacts performance when multiple IDPs are configured for an SP and the cache has expired.
Hence, this should be fixed to retrieve the subject without retrieving the whole service provider object.
How to reproduce:
- Configure an OAuth SP with JWT token type.
- Observe the method invocations in the client credentials grant type (and should be fixed for other applicable grant types).
[1] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/JWTTokenIssuer.java#L474
[2] https://github.com/wso2/carbon-identity-framework/blob/v5.17.5/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/CacheBackedApplicationDAO.java#L88
[3] https://github.com/wso2-support/carbon-identity-framework/blob/support-5.17.5.x-full/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationDAOImpl.java#L2643
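Added illustration of the query pattern described above (this is not code from the issue or from the WSO2 code base): an in-memory SQLite database seeded with constructed IDP and IDP_AUTHENTICATOR rows, the two queries quoted in the issue run the way the description says they are run (query (1) once per authenticator in the step, query (2) once per resulting IDP), and a counter showing how many statements that costs compared with a single lookup of the subject claim. The SP_APP and SP_STEP_AUTHENTICATOR tables, the SUBJECT_CLAIM_URI column and the application id are assumptions made for the demo, not the real schema.

```python
import sqlite3
from collections import Counter

# Constructed schema: only the columns the two queries in the issue touch,
# plus two hypothetical tables (SP_APP, SP_STEP_AUTHENTICATOR) that stand in
# for the service-provider side. The real WSO2 schema is richer.
SCHEMA = """
CREATE TABLE IDP (ID INTEGER PRIMARY KEY, TENANT_ID INTEGER, NAME TEXT, IS_FEDERATION_HUB INTEGER);
CREATE TABLE IDP_AUTHENTICATOR (ID INTEGER PRIMARY KEY, IDP_ID INTEGER, TENANT_ID INTEGER, NAME TEXT, DISPLAY_NAME TEXT);
CREATE TABLE SP_APP (ID INTEGER PRIMARY KEY, SUBJECT_CLAIM_URI TEXT);
CREATE TABLE SP_STEP_AUTHENTICATOR (APP_ID INTEGER, AUTHENTICATOR_ID INTEGER);
"""

# The two statements quoted in the issue, verbatim apart from whitespace.
QUERY_1 = ("SELECT A.NAME, B.NAME, B.DISPLAY_NAME FROM IDP A JOIN IDP_AUTHENTICATOR B ON A.ID = B.IDP_ID "
           "WHERE B.ID = ? AND ((A.TENANT_ID = ? AND B.TENANT_ID = ?) "
           "OR (A.TENANT_ID = ? AND A.NAME LIKE 'SHARED_%' AND B.TENANT_ID = ?))")
QUERY_2 = "SELECT IS_FEDERATION_HUB FROM IDP WHERE NAME = ? AND TENANT_ID = ?"

SUPER_TENANT_ID = -1234  # WSO2 super-tenant id
TENANT_ID = 1            # constructed tenant
APP_ID = 100             # hypothetical service-provider id


class CountingDB:
    """In-memory SQLite connection that counts executions per SQL statement."""

    def __init__(self):
        self.conn = sqlite3.connect(":memory:")
        self.conn.executescript(SCHEMA)
        self.counts = Counter()

    def execute(self, sql, params=()):
        self.counts[sql] += 1
        return self.conn.execute(sql, params)

    def seed(self, idps, authenticators, subject_claim_uri):
        # Seeding goes straight to the connection so it is not counted.
        self.conn.executemany("INSERT INTO IDP VALUES (?,?,?,?)", idps)
        self.conn.executemany("INSERT INTO IDP_AUTHENTICATOR VALUES (?,?,?,?,?)", authenticators)
        self.conn.execute("INSERT INTO SP_APP VALUES (?,?)", (APP_ID, subject_claim_uri))
        self.conn.executemany("INSERT INTO SP_STEP_AUTHENTICATOR VALUES (?,?)",
                              [(APP_ID, a[0]) for a in authenticators])
        self.conn.commit()


def build_demo_db(n_idps=3, auths_per_idp=2):
    """Constructed data: n_idps tenant-local IDPs, each with auths_per_idp authenticators in one step."""
    db = CountingDB()
    idps = [(i, TENANT_ID, f"idp-{i}", 0) for i in range(1, n_idps + 1)]
    auths = []
    for idp_id, _, idp_name, _ in idps:
        for k in range(auths_per_idp):
            auth_id = idp_id * 10 + k
            auths.append((auth_id, idp_id, TENANT_ID, f"{idp_name}-auth{k}", f"{idp_name} authenticator {k}"))
    db.seed(idps, auths, "http://wso2.org/claims/emailaddress")
    return db


def load_step_idps(db):
    """Eager path as described in the issue: query (1) per authenticator, then query (2) per IDP."""
    auth_ids = [r[0] for r in db.execute(
        "SELECT AUTHENTICATOR_ID FROM SP_STEP_AUTHENTICATOR WHERE APP_ID = ?", (APP_ID,))]
    idp_names = []
    for auth_id in auth_ids:
        row = db.execute(QUERY_1, (auth_id, TENANT_ID, TENANT_ID, SUPER_TENANT_ID, SUPER_TENANT_ID)).fetchone()
        if row and row[0] not in idp_names:
            idp_names.append(row[0])
    # Building each IDP object costs one more query (2) per distinct IDP.
    return {name: db.execute(QUERY_2, (name, TENANT_ID)).fetchone()[0] for name in idp_names}


def load_subject_claim_uri(db):
    """Subject-only path: a single lookup on the hypothetical SP_APP table."""
    row = db.execute("SELECT SUBJECT_CLAIM_URI FROM SP_APP WHERE ID = ?", (APP_ID,)).fetchone()
    return row[0] if row else None


def query_counts(n_idps=3, auths_per_idp=2):
    """Returns (eager-path counts, subject-only statement count) for a fresh database each."""
    eager_db = build_demo_db(n_idps, auths_per_idp)
    load_step_idps(eager_db)
    eager = {"query_1": eager_db.counts[QUERY_1],
             "query_2": eager_db.counts[QUERY_2],
             "total": sum(eager_db.counts.values())}
    subject_db = build_demo_db(n_idps, auths_per_idp)
    load_subject_claim_uri(subject_db)
    return eager, sum(subject_db.counts.values())


if __name__ == "__main__":
    eager, subject_only = query_counts()
    print("eager path:", eager, "| subject-only path:", subject_only)
```

With three IDPs of two authenticators each the eager path issues query (1) six times and query (2) three times, and the counts grow linearly with the number of authenticators and IDPs, whereas the subject lookup stays at one statement regardless of how many IDPs the SP has configured.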