diff --git a/crates/store/src/auth/mod.rs b/crates/store/src/auth/mod.rs
index 5cf647b..ae9ccaf 100644
--- a/crates/store/src/auth/mod.rs
+++ b/crates/store/src/auth/mod.rs
@@ -24,6 +24,7 @@ pub trait AuthenticationProvider: Send + Sync + 'static {
 
     async fn add_membership(&self, principal: &str, member_of: &str) -> Result<(), Error>;
     async fn remove_membership(&self, principal: &str, member_of: &str) -> Result<(), Error>;
+    async fn list_members(&self, principal: &str) -> Result<Vec<String>, Error>;
 }
 
 pub use middleware::AuthenticationMiddleware;
diff --git a/crates/store_sqlite/src/principal_store.rs b/crates/store_sqlite/src/principal_store.rs
index 76b522c..bdd6627 100644
--- a/crates/store_sqlite/src/principal_store.rs
+++ b/crates/store_sqlite/src/principal_store.rs
@@ -249,4 +249,18 @@ impl AuthenticationProvider for SqlitePrincipalStore {
         .map_err(crate::Error::from)?;
         Ok(())
     }
+
+    #[instrument]
+    async fn list_members(&self, principal: &str) -> Result<Vec<String>, Error> {
+        Ok(sqlx::query!(
+            r#"SELECT principal FROM memberships WHERE member_of = ?"#,
+            principal
+        )
+        .fetch_all(&self.db)
+        .await
+        .map_err(crate::Error::from)?
+        .into_iter()
+        .map(|record| record.principal)
+        .collect())
+    }
 }