diff --git a/docs/local.md b/docs/local.md
index 4d978109f4..dae4b2f353 100644
--- a/docs/local.md
+++ b/docs/local.md
@@ -31,4 +31,3 @@ cockroachdb/cockroach:v19.2.2 start --insecure
 #### Should show eventstore, management, admin, auth
 `show databases;`
-
diff --git a/internal/api/auth/context.go b/internal/api/auth/context.go
index 220e647d4c..d543af0b3c 100644
--- a/internal/api/auth/context.go
+++ b/internal/api/auth/context.go
@@ -45,7 +45,8 @@ func VerifyTokenAndWriteCtxData(ctx context.Context, token, orgID string, t Toke
 //TODO: Remove as soon an authentification is implemented
 if CheckInternal(ctx) {
 userID = grpc_util.GetHeader(ctx, api.ZitadelUserID)
- projectID = grpc_util.GetHeader(ctx, api.ZitadelClientID)
+ clientID = grpc_util.GetHeader(ctx, api.ZitadelClientID)
+ projectID, err = t.GetProjectIDByClientID(ctx, clientID)
 agentID = grpc_util.GetHeader(ctx, api.ZitadelAgentID)
 } else {
 userID, clientID, agentID, err = verifyAccessToken(ctx, token, t)
diff --git a/internal/auth/repository/eventsourcing/eventstore/user_grant.go b/internal/auth/repository/eventsourcing/eventstore/user_grant.go
index cad53713c5..5fb8c90a65 100644
--- a/internal/auth/repository/eventsourcing/eventstore/user_grant.go
+++ b/internal/auth/repository/eventsourcing/eventstore/user_grant.go
@@ -42,7 +42,11 @@ func (repo *UserGrantRepo) SearchMyProjectOrgs(ctx context.Context, request *gra
 if ctxData.ProjectID == "" {
 return nil, caos_errs.ThrowPreconditionFailed(nil, "APP-7lqva", "Could not get ProjectID")
 }
- if ctxData.ProjectID == repo.AuthZRepo.IamProjectID {
+ err := repo.AuthZRepo.FillIamProjectID(ctx)
+ if err != nil {
+ return nil, err
+ }
+ if ctxData.ProjectID == repo.AuthZRepo.UserGrantRepo.IamProjectID {
 isAdmin, err := repo.IsIamAdmin(ctx)
 if err != nil {
 return nil, err
diff --git a/internal/authz/repository/eventsourcing/eventstore/token_verifier.go b/internal/authz/repository/eventsourcing/eventstore/token_verifier.go
index d350070ecc..7364bd46fb 100644
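Review bot: The `err` assigned by `projectID, err = t.GetProjectIDByClientID(ctx, clientID)` in the `CheckInternal` branch of `internal/api/auth/context.go` is not checked inside this hunk; the next line goes straight on to read the agent header, so a failed lookup is only caught if a check follows the if/else outside the visible lines. On this path `clientID` is read from the `api.ZitadelClientID` header rather than from a verified token, so the derived `projectID` is only as trustworthy as whatever `CheckInternal` establishes, and it now feeds project-based authorization decisions. I would handle the error directly after the lookup and record the trust assumption next to the existing TODO, e.g. `// clientID is header-supplied on the internal path; the projectID derived from it is not token-verified`. The function body starts and ends outside the hunk.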
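Review bot: The admin branch in `SearchMyProjectOrgs` now relies on a two-step protocol, calling `repo.AuthZRepo.FillIamProjectID(ctx)` and then reading the field through a different path, `repo.AuthZRepo.UserGrantRepo.IamProjectID`, which a later caller can get wrong by reading the field before it is filled. Because `ctxData.ProjectID` is rejected when empty just above, an unfilled ID cannot match here, but that guarantee is implicit; a comment such as `// IamProjectID is empty until FillIamProjectID succeeds; never compare against it before that call` would make it explicit. The last hunk of this commit shows the fill starts with a check on a repo field (`if repo.IamProjectID != "" { return nil }`); if the repo is shared between concurrent requests, the write that presumably follows outside that hunk would need synchronisation, for example `sync.Once` or a mutex. The function body continues outside the hunk.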
--- a/internal/authz/repository/eventsourcing/eventstore/token_verifier.go
+++ b/internal/authz/repository/eventsourcing/eventstore/token_verifier.go
@@ -49,7 +49,7 @@ func (repo *TokenVerifierRepo) ProjectIDByClientID(ctx context.Context, clientID
 if err != nil {
 return "", err
 }
- return app.ID, nil
+ return app.ProjectID, nil
 }
 func (repo *TokenVerifierRepo) verifierClientID(ctx context.Context, appName, appClientID string) (string, error) {
diff --git a/internal/authz/repository/eventsourcing/eventstore/user_grant.go b/internal/authz/repository/eventsourcing/eventstore/user_grant.go
index 08a170885c..80e41bfe30 100644
--- a/internal/authz/repository/eventsourcing/eventstore/user_grant.go
+++ b/internal/authz/repository/eventsourcing/eventstore/user_grant.go
@@ -23,7 +23,7 @@ func (repo *UserGrantRepo) Health() error {
 }
 func (repo *UserGrantRepo) ResolveGrants(ctx context.Context) (*auth.Grant, error) {
- err := repo.fillIamProjectID(ctx)
+ err := repo.FillIamProjectID(ctx)
 if err != nil {
 return nil, err
 }
@@ -59,7 +59,7 @@ func (repo *UserGrantRepo) SearchMyZitadelPermissions(ctx context.Context) ([]st
 return permissions.Permissions, nil
 }
-func (repo *UserGrantRepo) fillIamProjectID(ctx context.Context) error {
+func (repo *UserGrantRepo) FillIamProjectID(ctx context.Context) error {
 if repo.IamProjectID != "" {
 return nil
 }