Retrieving user roles and the shape of the data returned
I'm reading https://zitadel.com/docs/guides/integrate/retrieve-user-roles#retrieve-roles-from-the-userinfo-endpoint and implementing it in my frontend to be able to check through the urn:zitadel:iam:org:project:{projectId}:roles key(s) in my response.
In one org a user has a map response like the documentation shows; in another org another user has an array of two maps.
Why would I be getting an array of two identical maps?
4 Replies
hi @spicypixel if you read this. Basically, it's kept for backwards compatibility.
In practice:
urn:zitadel:iam:org:project:{projectId}:roles is the “new” claim (includes your project’s ID).
urn:zitadel:iam:org:project:roles is the older, generic claim.
If you include both scopes in your access token, you’ll get both claims (hence the duplicate). To fix, only request the project-specific scope (urn:zitadel:iam:org:project:{projectId}:roles) so that you get a single roles object.
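An added example, not part of the thread or of ZITADEL's own code: a frontend helper that reads one named roles claim and accepts either shape described in the question (a single map, or an array of maps), collapsing duplicates and treating any other shape as "no roles". It assumes each role key maps to an object keyed by organization ID, as in the linked guide; the project ID, org IDs, domains and function names are constructed for illustration.

```javascript
// Claim name format is taken from the thread; everything else here is illustrative.
const projectClaim = (projectId) => `urn:zitadel:iam:org:project:${projectId}:roles`;

const isPlainObject = (v) => v !== null && typeof v === "object" && !Array.isArray(v);

// Returns Map<roleKey, Set<orgId>> for one claim.
// A Map (not a plain object) keeps odd role keys such as "__proto__" harmless.
function rolesFromClaim(userinfo, claimName) {
  const roles = new Map();
  const value = userinfo[claimName];
  if (value === undefined) return roles;            // claim absent: no roles
  const maps = Array.isArray(value) ? value : [value];
  for (const m of maps) {
    if (!isPlainObject(m)) throw new TypeError(`unexpected shape in ${claimName}`);
    for (const [role, orgs] of Object.entries(m)) {
      if (!isPlainObject(orgs)) throw new TypeError(`unexpected grants for ${role}`);
      if (!roles.has(role)) roles.set(role, new Set());
      // Identical maps in an array add the same org IDs, so the Set deduplicates them.
      for (const orgId of Object.keys(orgs)) roles.get(role).add(orgId);
    }
  }
  return roles;
}

// Fails closed: a malformed claim yields false instead of a thrown error or a guess.
function hasRole(userinfo, claimName, role, orgId) {
  let roles;
  try {
    roles = rolesFromClaim(userinfo, claimName);
  } catch {
    return false;
  }
  const orgs = roles.get(role);
  if (!orgs) return false;
  return orgId === undefined ? orgs.size > 0 : orgs.has(orgId);
}

// Constructed sample userinfo payloads (not real ZITADEL output).
const CLAIM = projectClaim("1234567890");
const grant = { admin: { "1111": "org-a.example.com" } };
const asMap = { [CLAIM]: grant };                     // shape shown in the docs
const asArray = { [CLAIM]: [grant, { ...grant }] };   // array of two identical maps
const malformed = { [CLAIM]: "admin" };               // unexpected shape
```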
hey @spicypixel if my response helped you, pls mark it with ✅ to auto close it. Thanks
@spicypixel, you cannot mark your own questions as solved.
hey @spicypixel you have to mark my answer as solved with ✅