Role field scope in token introspection
Hi Zitadel team, I have some questions about the token introspection endpoint for OIDC.
I have a setup in Zitadel with two projects, let's name them project A and B. I would like to design the "shared role" for every project in the organization in project A and access it via token introspection from an API application in project B, because it's possible to have more additional roles in project B.
Currently, the token introspection endpoint for OIDC only returns roles from the current project and ignores roles from other projects in the audience field. Is it possible for the token introspection endpoint to access roles from an external project that the API key does not reside in, especially in the audience field?
Ref:
- https://github.com/zitadel/zitadel/blob/1a24b107023af4cf605ecdeb4c17fe126341432e/internal/api/oidc/introspect.go#L99-L106
