Find a detailed explanation of the concepts covered in these examples in this blog post.
If you have an API that acts as an OAuth resource server, is called by user-facing applications, and needs to validate access tokens by calling the ZITADEL introspection endpoint, you register that API in ZITADEL with one of the two authentication methods shown in the right-hand column of the table below (JWT Profile or Basic Authentication).
If client APIs or systems need to access other protected APIs, those APIs or systems must be declared as service users. A service user is not an application type in ZITADEL. A service user can obtain an access token through the following mechanisms:
| # | Grant and Token Type Used by Service User | How the Application API Invokes the Introspection Endpoint |
|---|---|---|
| 1 | Send a JWT to ZITADEL to receive an opaque token or JWT, and send the received token to the API (JWT Profile) | JWT Profile |
| 2 | Send a JWT to ZITADEL to receive an opaque token or JWT, and send the received token to the API (JWT Profile) | Basic Authentication |
| 3 | Send the Client ID and Client Secret to ZITADEL to receive an opaque token or JWT, and send the received token to the API (Client Credentials) | JWT Profile |
| 4 | Send the Client ID and Client Secret to ZITADEL to receive an opaque token or JWT, and send the received token to the API (Client Credentials) | Basic Authentication |
| 5 | Send a static access token to the API (Personal Access Token) | JWT Profile |
| 6 | Send a static access token to the API (Personal Access Token) | Basic Authentication |
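The right-hand column of the table is the API's side of the exchange. As an added illustration (example code written for this README, not part of the ZITADEL examples or the ZITADEL SDK), the Python below builds the introspection request an API sends to ZITADEL with either Basic Authentication or a JWT Profile client assertion, and then checks the introspection response the way a resource server should before serving the request: `active` alone is not enough, so expiry, audience and scope are checked too. It uses only the standard library. The instance host, client ID and secret, the signed client assertion and the sample response are constructed placeholders; signing the client assertion with the API's application key is assumed to happen elsewhere.

```python
import base64
import time
from typing import Optional, Sequence
from urllib.parse import quote, urlencode

# The two ways an API registered in ZITADEL can authenticate itself at the
# introspection endpoint (RFC 7662), matching the table's right-hand column.
BASIC_AUTH = "basic"
JWT_PROFILE = "jwt_profile"

CLIENT_ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"


def build_introspection_request(
    introspection_url: str,
    token: str,
    method: str,
    client_id: Optional[str] = None,
    client_secret: Optional[str] = None,
    client_assertion: Optional[str] = None,
):
    """Return (url, headers, body) for an introspection call.

    The token being checked always travels in the form body; how the API
    proves its own identity depends on `method`.
    """
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    fields = {"token": token}

    if method == BASIC_AUTH:
        if not (client_id and client_secret):
            raise ValueError("Basic Authentication needs client_id and client_secret")
        # RFC 6749 section 2.3.1: form-url-encode each value, then base64-encode
        # the "id:secret" pair for the Authorization header.
        pair = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    elif method == JWT_PROFILE:
        if not client_assertion:
            raise ValueError("JWT Profile needs a signed client_assertion")
        # The assertion is a JWT signed with the API's private key (RFC 7523).
        # Signing is assumed to happen elsewhere; this only places it in the body.
        fields["client_assertion_type"] = CLIENT_ASSERTION_TYPE
        fields["client_assertion"] = client_assertion
    else:
        raise ValueError(f"unknown introspection auth method: {method!r}")

    return introspection_url, headers, urlencode(fields)


def check_introspection_response(
    response: dict,
    expected_audience: str,
    required_scopes: Sequence[str] = (),
    now: Optional[float] = None,
) -> dict:
    """Decide whether an introspected token may be used for this API.

    Rejects an inactive token, an expired token, a token issued for a
    different audience, and a token lacking a required scope.
    """
    now = time.time() if now is None else now

    if not response.get("active"):
        return {"ok": False, "reason": "token inactive", "subject": None}

    exp = response.get("exp")
    if exp is not None and exp <= now:
        return {"ok": False, "reason": "token expired", "subject": None}

    aud = response.get("aud", [])
    if isinstance(aud, str):
        aud = [aud]
    if expected_audience not in aud:
        return {"ok": False, "reason": "audience mismatch", "subject": None}

    granted = set(response.get("scope", "").split())
    missing = sorted(set(required_scopes) - granted)
    if missing:
        return {"ok": False, "reason": "missing scope: " + " ".join(missing), "subject": None}

    return {"ok": True, "reason": "", "subject": response.get("sub")}


# Constructed sample of an introspection response for an active token
# (placeholder values, not captured from a real ZITADEL instance).
SAMPLE_ACTIVE_RESPONSE = {
    "active": True,
    "sub": "service-user-placeholder",
    "aud": ["demo-api", "project-id-placeholder"],
    "scope": "openid profile",
    "exp": 1_700_000_600,
}


if __name__ == "__main__":
    url, headers, body = build_introspection_request(
        "https://<your-instance>.zitadel.cloud/oauth/v2/introspect",  # placeholder host
        "opaque-or-jwt-access-token",
        BASIC_AUTH,
        client_id="demo-api",
        client_secret="s3cret",
    )
    print(url, headers["Authorization"], body)
    print(check_introspection_response(SAMPLE_ACTIVE_RESPONSE, "demo-api", ["openid"], now=1_700_000_300))
```

In a real deployment the `(url, headers, body)` triple is handed to an HTTP client and the JSON reply is passed to `check_introspection_response`; the audience to expect is the identifier ZITADEL puts in `aud` for your API, and the required scopes are whatever the endpoint being protected needs.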
- Clone this repository.
- Have python3 and pip3 installed on your machine.
- Install the required dependencies by running `pip3 install -r requirements.txt` in your terminal.
- Create a free ZITADEL account here: https://zitadel.cloud/
- Create an instance as explained here.
- Create a new project in your instance by following the steps here.
- Make sure that you replace the values in the .env file of each project with the values you obtain from ZITADEL.