From 72321adb8e99e4e8343a90bfe7a256a98d9e4ea5 Mon Sep 17 00:00:00 2001
From: Vasilica Olariu
Date: Thu, 16 Oct 2025 09:23:48 +0300
Subject: [PATCH 1/2] do not validate m2m token in roles guard
---
 src/core/auth/guards/roles.guard.ts | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/core/auth/guards/roles.guard.ts b/src/core/auth/guards/roles.guard.ts
index 53f3494..e09d565 100644
--- a/src/core/auth/guards/roles.guard.ts
+++ b/src/core/auth/guards/roles.guard.ts
@@ -17,6 +17,11 @@ export class RolesGuard implements CanActivate {
 }
 const request = context.switchToHttp().getRequest();
+ const tokenIsM2M = Boolean(request.m2mTokenScope);
+ if (tokenIsM2M) {
+ return true;
+ }
+
 const { auth0User = {} } = request;
 const userRoles = Object.keys(auth0User).reduce((roles, key) => {
 if (key.match(/claims\/roles$/gi)) {
From f8ceace83648a00ea53537724ad619a8066f1bae Mon Sep 17 00:00:00 2001
From: Vasilica Olariu
Date: Thu, 16 Oct 2025 09:25:36 +0300
Subject: [PATCH 2/2] update logic for roles guard
---
 src/core/auth/guards/roles.guard.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/auth/guards/roles.guard.ts b/src/core/auth/guards/roles.guard.ts
index e09d565..9f6126e 100644
--- a/src/core/auth/guards/roles.guard.ts
+++ b/src/core/auth/guards/roles.guard.ts
@@ -19,7 +19,7 @@ export class RolesGuard implements CanActivate {
 const request = context.switchToHttp().getRequest();
 const tokenIsM2M = Boolean(request.m2mTokenScope);
 if (tokenIsM2M) {
- return true;
+ return Boolean(request.idTokenVerified);
 }
 const { auth0User = {} } = request;
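Review bot: In the PATCH 1/2 hunk, the new early return depends only on whether `request.m2mTokenScope` is truthy and never compares the scope value with the roles the handler requires. As a result, every machine-to-machine token is treated the same on every role-protected route. PATCH 2/2 changes the returned value to `Boolean(request.idTokenVerified)` but still ignores the scope itself, so the same gap remains there. If scope enforcement happens in another guard or middleware, record that above the branch, for example `// M2M tokens carry no role claims; scopes are enforced by <scope guard placeholder>`. Otherwise the required scopes should be checked here before returning. The guard method starts and ends outside the hunk, so how the required roles are read is not visible.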
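Review bot: In the PATCH 2/2 hunk, the M2M branch now depends on `request.idTokenVerified`, which this series never sets and whose name suggests an ID-token check rather than verification of the M2M access token. Client-credentials tokens normally come without an ID token, so if the upstream middleware leaves the flag unset for M2M requests, this branch denies all of them. If the flag is set from some other token, access is granted on an unrelated check. It would help to confirm which middleware populates both `m2mTokenScope` and `idTokenVerified`, and that it does so only after signature and audience validation. A comment such as `// set by <auth middleware placeholder> after the bearer token is verified` would record that. A guard test covering an M2M request with and without the flag would pin the intended behaviour; the surrounding method is only partly visible in the hunk.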