OAuth with Zitadel how to do the roles mapping

Hello,

We are trying to configure OAuth (using Zitadel) as the provider. We can now log in properly, but somehow we cannot make the role mapping work… It seems that Zitadel is sending JSON in which the role groups are under a dictionary instead of a list (as Authentik does, for example). So from Zitadel we get something like this:

{
  "email": "john.wayne@mydomain.com",
  "email_verified": true,
  "family_name": "Wayne",
  "given_name": "John",
  "locale": "en",
  "name": "John Wayne",
  "preferred_username": "john.wayne",
  "sub": "333333333333333333",
  "updated_at": 1722267578,
  "urn:zitadel:iam:org:project:111111111111111111:roles": {
    "admin": {
      "222222222222222222": "zitadel.mydomain.com"
    },
    "developer": {
      "222222222222222222": "zitadel.mydomain.com"
    }
  },
  "urn:zitadel:iam:org:project:roles": {
    "admin": {
      "222222222222222222": "zitadel.mydomain.com"
    },
    "developer": {
      "222222222222222222": "zitadel.mydomain.com"
    }
  }
}

So as you see we should take the roles to be mapped either from the keys of the dictionary:
urn:zitadel:iam:org:project:111111111111111111:roles or urn:zitadel:iam:org:project:roles

Is there any way to map those roles into Rocket.Chat? We tried a bunch of combinations but were not successful at all…

Thanks very much


Have a read about role mapping here.

https://docs.rocket.chat/v1/en/search?query=Role%20mapping&searchType=articles

Note some features may only be available on subscription plans.

Also have a read through the dev docs for clues.

https://developer.rocket.chat


In the end we managed to do it by modifying the Zitadel config and sending a list of the grants we have per user and per project… it is a normal list, so it seems to be the easiest way to make it work.
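The two shapes discussed in this thread (Zitadel's dictionary keyed by role name in the first post, and the plain list the last post switched to) can both be normalised on the consuming side. The following is an added example written for this page; it is not Rocket.Chat's or Zitadel's code, and the `ROLE_MAP` table and the sample userinfo documents are constructed assumptions. It extracts role names from every `...:roles` claim (dictionary keys for Zitadel, list items for Authentik-style claims) and maps them to hypothetical Rocket.Chat role names.

```python
import json

# Constructed sample modelled on the Zitadel userinfo in the first post (not a real token).
ZITADEL_USERINFO = json.loads("""
{
  "sub": "333333333333333333",
  "preferred_username": "john.wayne",
  "urn:zitadel:iam:org:project:111111111111111111:roles": {
    "admin": {"222222222222222222": "zitadel.mydomain.com"},
    "developer": {"222222222222222222": "zitadel.mydomain.com"}
  },
  "urn:zitadel:iam:org:project:roles": {
    "admin": {"222222222222222222": "zitadel.mydomain.com"},
    "developer": {"222222222222222222": "zitadel.mydomain.com"}
  }
}
""")

# Constructed sample of the list-shaped claim an IdP such as Authentik sends.
LIST_USERINFO = {"sub": "1", "groups": ["developer", "guest"]}


def roles_from_claim(value):
    """Normalise one roles claim to a set of role names.

    Zitadel:  {"role": {"<orgId>": "<orgDomain>"}} -> names are the dict keys.
    Others:   ["role", ...]                        -> names are the list items.
    A bare string counts as a single role; anything else yields no roles.
    """
    if isinstance(value, dict):
        return {k for k in value if isinstance(k, str)}
    if isinstance(value, list):
        return {v for v in value if isinstance(v, str)}
    if isinstance(value, str):
        return {value}
    return set()


def extract_roles(claims, claim_names=None):
    """Collect role names from the named claims (sorted, de-duplicated).

    When claim_names is None, every top-level claim whose name ends in ':roles'
    is used, which matches both Zitadel forms
    (urn:zitadel:iam:org:project:roles and ...:project:<projectId>:roles).
    In production pin this to the project-scoped claim so a role granted in
    some other project cannot leak into this application.
    """
    if claim_names is None:
        claim_names = [k for k in claims if isinstance(k, str) and k.endswith(":roles")]
    roles = set()
    for name in claim_names:
        roles |= roles_from_claim(claims.get(name))
    return sorted(roles)


# Hypothetical IdP-role -> Rocket.Chat-role table (assumption; Rocket.Chat's own
# mapping syntax is documented at the link in the reply above, not reproduced here).
ROLE_MAP = {"admin": "admin", "developer": "user"}


def map_roles(idp_roles, role_map=ROLE_MAP, default="user"):
    """Translate IdP role names to application roles; unknown names are dropped
    and a user with no mapped role gets only the least-privileged default."""
    mapped = {role_map[r] for r in idp_roles if r in role_map}
    return sorted(mapped) if mapped else [default]


if __name__ == "__main__":
    zitadel_roles = extract_roles(ZITADEL_USERINFO)
    print("zitadel roles:", zitadel_roles, "->", map_roles(zitadel_roles))
    list_roles = extract_roles(LIST_USERINFO, ["groups"])
    print("list roles:   ", list_roles, "->", map_roles(list_roles))
```

Whichever shape the provider sends, only read roles from a token or userinfo response whose signature and issuer you have already verified; the claim walker above assumes that has happened and deliberately ignores unknown role names instead of passing them through.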
