Overview

All documentation is under active work and subject to change soon!

Application Integration

Service Integration

OpenID Connect & OAuth

Client Types / Profiles

Single Page Application

If your client is a single page application (SPA), we recommend that you use the Authorization Code flow in combination with Proof Key for Code Exchange (PKCE).

This flow is well supported by most modern languages and frameworks and is the recommended default.

In the OIDC and OAuth world this client profile is called "user-agent-based application".
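The PKCE part of the recommended flow is small enough to show end to end. The following Python is an added example, not code from ZITADEL or its documentation: it generates a code_verifier, derives the S256 code_challenge the SPA sends with the authorization request, and shows the comparison the authorization server performs when the verifier arrives at the token endpoint. The issuer, client id, redirect URI and the authorization endpoint path are placeholder assumptions; take the real endpoint from your issuer's discovery document.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode


def generate_code_verifier(num_bytes: int = 32) -> str:
    """Return a high-entropy code_verifier as defined in RFC 7636, section 4.1.

    The verifier must be 43..128 characters from the unreserved set
    [A-Za-z0-9-._~]; unpadded base64url of 32 random bytes yields 43 characters,
    96 bytes yields 128, so the byte count is bounded to stay in range.
    """
    if not 32 <= num_bytes <= 96:
        raise ValueError("num_bytes must be between 32 and 96")
    raw = secrets.token_bytes(num_bytes)
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def code_challenge_s256(code_verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), without padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorization_url(authorize_endpoint: str, client_id: str, redirect_uri: str,
                            scope: str, state: str, code_challenge: str) -> str:
    """Assemble the authorization request an SPA redirects the browser to.

    Only the challenge travels in the URL; the verifier stays in the SPA's memory
    until the token request, so an intercepted code alone cannot be redeemed.
    """
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return authorize_endpoint + "?" + urlencode(params)


def challenge_matches(code_verifier: str, expected_challenge: str) -> bool:
    """The server-side check at the token endpoint: recompute and compare in constant time."""
    return hmac.compare_digest(code_challenge_s256(code_verifier), expected_challenge)


if __name__ == "__main__":
    # Placeholder values (assumptions, not a real deployment).
    AUTHORIZE_ENDPOINT = "https://issuer.example.com/oauth/v2/authorize"
    verifier = generate_code_verifier()
    challenge = code_challenge_s256(verifier)
    url = build_authorization_url(AUTHORIZE_ENDPOINT, "spa-client-id-placeholder",
                                  "https://app.example.com/callback", "openid profile email",
                                  secrets.token_urlsafe(16), challenge)
    print(url)
    print("verifier accepted:", challenge_matches(verifier, challenge))
```

The `state` value is generated with `secrets.token_urlsafe` for the same reason the verifier is: both must be unguessable, and the SPA should reject a callback whose `state` it did not issue.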

Server Side Application

In the OIDC and OAuth world this client profile is called "web application".

Mobile App / Native App

In the OIDC and OAuth world this client profile is called "native application".

How to consume authorizations in your application or service

With ZITADEL you can manage the roles a project supplies to your users in the form of authorizations. On the project you can configure how project roles are supplied to the clients. By default ZITADEL asserts the claim urn:zitadel:iam:org:project:roles in the response of the Userinfo Endpoint. Optionally you can also:

  • Assert the claim urn:zitadel:iam:org:project:roles to the access_token
  • Assert the claim urn:zitadel:iam:org:project:roles to the id_token

The claim maps each role name to the organizations that granted it, keyed by organization id with the organization's domain as value:

  "urn:zitadel:iam:org:project:roles": {
    "user": {
      "id1": "acme.zitadel.ch",
      "id2": "caos.ch"
    }
  }

For more details about how ZITADEL treats scopes and claims see the documentation.