Netbird + Zitadel: All roles in scopes for Device Authorization
Hi all!
I'm currently using Netbird 3.9.1 and an external Zitadel.
I'm having a real security issue with Netbird.
When a user logs in with Netbird, all roles in the Netbird project are displayed in the device authorization request.
The user should only be able to see the roles assigned to them.
I should point out that I followed this tutorial (https://github.com/netbirdio/netbird/issues/1713) to enable JWT group synchronization.
Thank you for your help!

I opened an issue:
https://github.com/netbirdio/netbird/issues/3590