From cb38aaab166d67b3fe2e5e57a995dc91f8c9ae35 Mon Sep 17 00:00:00 2001
From: Christian Richter <c.richter@opencloud.eu>
Date: Thu, 12 Feb 2026 16:51:42 +0100
Subject: [PATCH] create mapping in cache for subject => sessionid

Signed-off-by: Christian Richter <c.richter@opencloud.eu>
---
 services/proxy/pkg/middleware/oidc_auth.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/services/proxy/pkg/middleware/oidc_auth.go b/services/proxy/pkg/middleware/oidc_auth.go
index 18e0ef3344..46b4733dc9 100644
--- a/services/proxy/pkg/middleware/oidc_auth.go
+++ b/services/proxy/pkg/middleware/oidc_auth.go
@@ -124,6 +124,18 @@ func (m *OIDCAuthenticator) getClaims(token string, req *http.Request) (map[stri
 				if err != nil {
 					m.Logger.Error().Err(err).Msg("failed to write session lookup cache")
 				}
+
+				// create an additional entry mapping subject to session id
+				if sub := aClaims.Subject; sub != "" {
+					err = m.userInfoCache.Write(&store.Record{
+						Key:    sub,
+						Value:  []byte(sid),
+						Expiry: time.Until(expiration),
+					})
+					if err != nil {
+						m.Logger.Error().Err(err).Msg("failed to write subject lookup cache")
+					}
+				}
 			}
 		}
 	}()