Fix bugs

src/lib/zitadel.ts

@@ -250,6 +250,35 @@ export async function createAuthorization(params: {
   );
 }
 
+/**
+ * Replace the role keys on an existing authorization.
+ *
+ * Connect RPC: zitadel.authorization.v2.AuthorizationService/UpdateAuthorization
+ *
+ * Replace, not merge: any role keys previously held by this authorization
+ * that are NOT in the new list are revoked. Pass the complete desired
+ * role set every time. The authorization's user/org/project bindings
+ * are immutable — to move a user to a different org, delete and recreate.
+ *
+ * Used by the team UI's role change flow (Bug 25). For new role grants
+ * use {@link createAuthorization}; for revocations of an entire role
+ * assignment, delete the authorization (not yet exposed; not needed at
+ * the time of writing).
+ */
+export async function updateAuthorizationRoles(
+  authorizationId: string,
+  roleKeys: string[]
+): Promise<{ changeDate?: string }> {
+  return connectRpc<{ changeDate?: string }>(
+    "zitadel.authorization.v2.AuthorizationService",
+    "UpdateAuthorization",
+    {
+      id: authorizationId,
+      roleKeys,
+    }
+  );
+}
+
 // ---------------------------------------------------------------------------
 // Delete Organization (for rollback on partial failure)
 // ---------------------------------------------------------------------------