I'm trying to check if a user has a certain role to verify whether they're allowed to do something, and I'm trying to find the correct way to do this. I'm running FA 1.17.5 locally because I'm still test-driving it.
When the user logs in, they get a JWT. This gives me a user ID. I can then query the API to get the group(s) that the user is part of. Querying a single user via the API gives me one or more group IDs. I can then query the API again so I get the roles that are attached to that group. However, I'd have to run this query several times in order to find whether the role I'm looking for is in that group, because, unless I missed something, the group API doesn't allow searching for multiple IDs. I can of course get all the groups and search through those in the code, but there is probably a better way. I've noticed that Roles don't have their own API endpoint.
The solutions I see are:
- using registrations (which ties roles immediately to users, and as a result, they're immediately available).
- using an ElasticSearch query and specifying multiple groups so I can get the roles from there (somehow).
Ideally, I'd want to be able to find out in a single query whether a user has a certain role or not so that I can find out whether they're allowed to do something.
It could be that I'm kind of mistaking roles for permissions, so I was wondering what the philosophy was, and what approach I should be using.