How to set up Zitadel + OAuth2-proxy to pass user information for applications
Original message was deleted
Apart from forwarding it in HTTP headers, is there another way for my applications to get that information?
You can forward the access_token to an application, which can then read the userinfo endpoint. Or you can forward the id_token, which is a signed JSON.
I figured, however, that I was missing some setup on my Zitadel project in order to have the roles present in the id-token. So I can now at least get them by inspecting it on my app side.
You can enable on the project/app that the token should contain the roles.
But I'm not sure what I should do if I needed other kinds of information. Can I use the id-token to query extra information on any of the endpoints my organization/project has in Zitadel?
If you pass urn:zitadel:iam:org:project:id:zitadel:aud as scope, the access token can be used to access the Zitadel API as the current user (with his access rights).
urn:zitadel:iam:org:project:id:zitadel:aud
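For the id_token route discussed in this thread, an added example (not code from the thread, Zitadel or oauth2-proxy) of an application verifying the forwarded token's RS256 signature against the issuer's JWKS and checking issuer, audience and expiry before reading the roles. It assumes the roles sit under the claim `urn:zitadel:iam:org:project:roles`, that the JWKS has already been fetched, and that the function names are hypothetical; a deployed service would normally use a maintained JWT library for the same checks.

```python
import base64, hashlib, hmac, json, time

ROLES_CLAIM = "urn:zitadel:iam:org:project:roles"  # assumed claim name, see lead-in
# DER DigestInfo prefix for SHA-256 (RFC 8017 section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def rs256_valid(signing_input, sig, n, e):
    """RSASSA-PKCS1-v1_5 / SHA-256 check: rebuild the expected block and compare."""
    k = (n.bit_length() + 7) // 8
    digest_info = SHA256_PREFIX + hashlib.sha256(signing_input).digest()
    if len(sig) != k or k < len(digest_info) + 11:
        return False
    s = int.from_bytes(sig, "big")
    if s >= n:
        return False
    expected = b"\x00\x01" + b"\xff" * (k - len(digest_info) - 3) + b"\x00" + digest_info
    return hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), expected)

def roles_from_id_token(token, jwks, issuer, client_id, now=None):
    """Return sorted role keys from a verified ID token, or raise ValueError."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
    except ValueError as exc:  # wrong segment count, bad base64 or bad JSON
        raise ValueError("malformed token") from exc
    if header.get("alg") != "RS256":  # reject alg=none and symmetric algorithms
        raise ValueError("unexpected alg")
    jwk = next((k for k in jwks["keys"] if k.get("kid") == header.get("kid")), None)
    if jwk is None:
        raise ValueError("unknown kid")
    n = int.from_bytes(b64url_decode(jwk["n"]), "big")
    e = int.from_bytes(b64url_decode(jwk["e"]), "big")
    signed = f"{head_b64}.{body_b64}".encode()
    if not rs256_valid(signed, b64url_decode(sig_b64), n, e):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if claims.get("iss") != issuer or client_id not in aud:
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return sorted(claims.get(ROLES_CLAIM, {}))
```

The role keys are only returned after every check passes, so the application never acts on claims from a token it has not verified itself, even when it sits behind the proxy.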