How to use reserved scope urn:zitadel:iam:org:roles:id:{orgID}

Hello,

I'm having trouble in my token introspection. I'm trying to get a role to be returned in the response from a project in an org that a user is not part of, but has been granted auth for.

Using the scope

urn:zitadel:iam:org:roles:id:{orgID}

urn:zitadel:iam:org:roles:id:{orgID}

, as shown in the docs here, only returns roles in the user's primary org. In fact, using only this scope of the other organization returns an error.

failed token validation, parse failed due to: user does not have any authorization (assigned roles) for project {orgId}

failed token validation, parse failed due to: user does not have any authorization (assigned roles) for project {orgId}

Is someone from Zitadel able to show me this working cross-org? Otherwise, I think this is a bug.

I am working with self-hosted v2.71.11

ZITADEL•8mo ago•

3 replies

nullsense

How to use reserved scope urn:zitadel:iam:org:roles:id:{orgID}

urn:zitadel:iam:org:roles:id:{orgID}

urn:zitadel:iam:org:roles:id:{orgID}

, as shown in the docs here, only returns roles in the user's primary org. In fact, using only this scope of the other organization returns an error.

failed token validation, parse failed due to: user does not have any authorization (assigned roles) for project {orgId}

failed token validation, parse failed due to: user does not have any authorization (assigned roles) for project {orgId}

Is someone from Zitadel able to show me this working cross-org? Otherwise, I think this is a bug.

I am working with self-hosted v2.71.11

How to use reserved scope urn:zitadel:iam:org:roles:id:{orgID}

Similar Threads

How to use reserved scope urn:zitadel:iam:org:roles:id:{orgID}

Similar Threads

Similar Threads

Similar Threads