FusionAuth's SCIM Groups API does not perform atomic updates to the group. This can lead to concurrency issues when multiple requests are received.
Affects versions
1.36.0+
Steps to reproduce
Send multiple SCIM patch requests for the Groups resource in quick succession. The issue is especially pronounced when modifying group membership as part of the request.
Expected behavior
The SCIM Groups update operation should be atomic as indicated by the specification.
SCIM Groups resource API is non-atomic
Description
FusionAuth's SCIM Groups API does not perform atomic updates to the group. This can lead to concurrency issues when multiple requests are received.
Affects versions
1.36.0+
Steps to reproduce
Send multiple SCIM patch requests for the Groups resource in quick succession. The issue is especially pronounced when modifying group membership as part of the request.
Expected behavior
The SCIM Groups update operation should be atomic as indicated by the specification.