Can I retrieve Manager Roles by JWT access token or idtoken?

Original message was deleted

fabienne•1/9/25, 9:52 AM

if you use the following endpoint and filter for the user and the project id you should get the user grant with the roles: https://zitadel.com/docs/apis/resources/mgmt/management-service-list-user-grants

ZITADEL Docs

Returns a list of user grants that match the search queries. User grants are the roles users have for a specific project and organization.

fabienne•1/10/25, 9:30 AM

if you want to get the roles in the token, you need to enable this on the project configuration, and then you can either send a scope or also configure on the app

fabienne•1/10/25, 9:30 AM

fabienne•1/13/25, 9:17 AM

are you talking about the zitadel internal manager roles? and not about the roles defined in your own project?

fabienne•1/13/25, 12:46 PM

the manager roles can't be included in the token for now

fabienne•1/13/25, 12:47 PM

if you want to get the list of manager roles for the currently authenticated user you can use this endpoint: https://zitadel.com/docs/apis/resources/auth/auth-service-list-my-memberships

ZITADEL Docs

Show all the management roles my user has in ZITADEL (ZITADEL Manager).

fabienne•1/13/25, 12:47 PM

with the following you will get the effective permissions the user has https://zitadel.com/docs/apis/resources/auth/auth-service-list-my-zitadel-permissions

ZITADEL Docs

Returns a list of permissions the authenticated user has in ZITADEL based on the manager roles the user has. (e.g: ORG_OWNER = org.read, org.write, ...).

fabienne•1/13/25, 12:48 PM

e.g user.read, user.write