Question about validating a user's roles within an organization
Hey everyone, appologies if there is already a similar thread about this. I looked quite hard but I wasn't able to find anything.
My company is currently investigating Zitadel as a potential shared solution for product auth. From our perspective, is has a lot of clear benefits over the usual suspects like Keycloak.
One thing that's got me a bit concerned is how our product teams will be able to validate the roles assigned to a user by a specific organization. As per the docs, with the
In this example, the user has been assigned the "cfo" role by the "corporate" organization, and the "corporate member" role by both the "org-a" and "org-b" organizations. This makes perfect sense. But I want to ask about how a particular application actually goes about using this information.
There are a number of examples Zitadel gives (zitadel-nextjs, zitadel-vue, zitadel-nextjs-b2b, etc.), where the equivalent of
My company is currently investigating Zitadel as a potential shared solution for product auth. From our perspective, is has a lot of clear benefits over the usual suspects like Keycloak.
One thing that's got me a bit concerned is how our product teams will be able to validate the roles assigned to a user by a specific organization. As per the docs, with the
urn:zitadel:iam:org:project:id:zitadel:audIn this example, the user has been assigned the "cfo" role by the "corporate" organization, and the "corporate member" role by both the "org-a" and "org-b" organizations. This makes perfect sense. But I want to ask about how a particular application actually goes about using this information.
There are a number of examples Zitadel gives (zitadel-nextjs, zitadel-vue, zitadel-nextjs-b2b, etc.), where the equivalent of
Object.keys(userinfo["urn:zitadel:iam:org:project:roles"])