Lee Morris•14mo ago

client_credentials with service user roles

Hi, can anyone tell me if you can have the roles for a service user returned in a client_credentials token? Setting the scope has no effect other than when I set the project ID. This request returns me a basic JWT with none of the authorizations. Thanks
POST /oauth/v2/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Authorization: Basic bWFjaGluZTE6M09nM1ZpU3FQSm9XbGxYRTFzV1UwRXd0Qk1oc1lnY2VETWtKd2xHbmJjd2gyY3l2M2hXMGU1VFF1VVhhUmp6dQ==
Host: localhost:8080
Connection: close
Content-Length: 50

grant_type=client_credentials&scope=openid+profile
10 Replies
FFO•14mo ago
Hm, have you tried what happens if you add urn:zitadel:iam:org:projects:roles to the scopes?
FFO•12mo ago
Do you see the same problem?
FFO•12mo ago
Hm, got it. Do you mind quickly sharing what your goal is? This would help me think about the best way to solve this 😄
FFO•12mo ago
Nice!
FFO•12mo ago
Thank you for sharing that!