Get all roles from every project into one access token
Hello everyone, I have a question.
Currently, when I get a token from the OIDC client, everything works fine. With the ClientId I get the roles from the project.
Now my question is whether it's possible to get all roles of the user from every project that is currently available. I have about 7 projects and I need all the user's roles for every project. If I want to do that I need 7 different access tokens, but I only want to have 1. Is something like that possible?
75 Replies
Unknown User • 3y ago: (message not public)
Hey @FFO, thanks for your message. I have to admit I don't even know where to begin making this action and what exactly I have to do. As far as I understand it, I have to call an action in my backend and tweak the token content (I don't know what "tweak" means). Is that right?
Is this the action you meant?

Unknown User • 3y ago: (message not public)
Can you tell me how I tweak the token content with all roles?
What does my script have to do?
Unknown User • 3y ago: (message not public)
That's ListMyUserGrants, right?
Unknown User • 3y ago: (message not public)
The thing is, when I do that I get the result I want: every role the user has on every project. But I think the performance would really struggle if I do it like this in the backend, because I would have to call it every time my API gets called.

I actually only want all roles from a single user, but on different projects. I think you misunderstood me at the beginning, could that be?
The only thing is that I want this information in the user's claims in the access token, so I don't have to call ListMyUserGrants every time.
Because currently I only get the roles of one project.
Unknown User • 3y ago: (message not public)
That makes sense to me. The only thing is I don't know where to start with the action.
Unknown User • 3y ago: (message not public)
Is it something like that? That's from the docs.

Unknown User • 3y ago: (message not public)
Uf, I would have to test it, I can't tell you right away.
Unknown User • 3y ago: (message not public)
Well, in my example I have to setClaim() in the access token, is that right?
Well, this is how you set the grants in the access token, but how do I get them in the first place?

Unknown User • 3y ago: (message not public)
This one, right?
Unknown User • 3y ago: (message not public)
The user ID is in ctx.v1.user?
Unknown User • 3y ago: (message not public)
Aha, okay.
Unknown User • 3y ago: (message not public)
It starts to make even more sense now. I think I know where I can begin now to do the action.
Unknown User • 3y ago: (message not public)
Yes, that makes sense.
Well, I'm gonna try it and tell you the result later on. Really appreciate your help, thanks!
Unknown User • 3y ago: (message not public)
One more question. Is that the only way to make an action? Can I make the action in a standalone JavaScript file so I have a debugger and interpreter?

Unknown User • 3y ago: (message not public)
I was just trying something out there.
It's a bit hard to think without an interpreter hahaha
Unknown User • 3y ago: (message not public)
Already did, hehe.

Is the URL right as I did it, or does it need the full path?
Unknown User • 3y ago: (message not public)
How can I see if it worked or not?
I made this script and ZITADEL gives me no feedback on whether it works or not. The action is stated as active, but nothing happens.

It says it's active, but it doesn't look like it's working.

It looks like my function never gets called, but I'm not sure.
Unknown User • 3y ago: (message not public)
No problem, I was out too. I'm currently self-hosted.
How does that work?
Unknown User • 3y ago: (message not public)
I tried api.v1.userinfo.setClaim('year', 2023) as a test, but it didn't get added.
Unknown User • 3y ago: (message not public)
Oh, I see.
Unknown User • 3y ago: (message not public)
So this should work?

Unknown User • 3y ago: (message not public)
Yep, that's true.
Unknown User • 3y ago: (message not public)
Is it even right if I set the parameters like in my code? It seems to take a string and any.

Unknown User • 3y ago: (message not public)
Is that enough to get my function executed?

Unknown User • 3y ago: (message not public)
I looked at my logs, I don't get a "hello world" or anything else.

The name of the function is also the same.

I searched my logs in the Docker container, but there is nothing. Is there a separate log file in the system that outputs the logs?
Does it depend on these settings? https://zitadel.com/docs/self-hosting/manage/quotas (and zitadel/defaults.yaml at main · zitadel/zitadel on GitHub)

Do I need that stuff? And if yes, where do I have to add it?
Unknown User • 3y ago: (message not public)
The actions I did should be hit as far as I can tell, because everything was done right on the console site. It could really be that nothing gets logged. It was really frustrating yesterday searching for these logs. Is it right that those logs must show up in "docker compose logs"?
I also tried to test actions made from your sample (https://github.com/zitadel/actions/blob/main/examples/post_auth_log.js). Here even the syntax and everything should be okay, but still no logs there. Also none saying that the process failed or something.

Just for my understanding: when does the action get executed exactly? When the user calls "/oauth/v2/token"?
Unknown User • 3y ago: (message not public)
Yes, sure. Please let me know if there is an update.
Unknown User • 3y ago: (message not public)
Is that the latest version?
Unknown User • 3y ago: (message not public)
I get console logs now. Kinda unhelpful logs, but still better than nothing. It looks like I get the whole HTTP request logged; I don't know why, because I don't log that anywhere.
It starts with: time="2023-02-17T13:25:06Z" level=info msg="log record emitted" caller="/home/runner/work/zitadel/zitadel/internal/logstore/emitters/stdout/stdout.go:19" record="{"logDate":"2023-02-17T13:25:06.892322614Z","protocol":1,"requestUrl":"/oauth/v2/token\ ........ and goes on
Unknown User • 3y ago: (message not public)
Yes, but can I send it to you privately?
Unknown User • 3y ago: (message not public)