zitadel/site/docs/integrate/01-openidoauth.en.md

---
title:  OpenID Connect & OAuth
description: ...
---

### Client Types / Profiles

#### Single Page Application

If your [client](administrate#Clients) is a single page application (SPA) we recommend that you use [Authorization Code](documentation#Authorization_Code) in combination with [Proof Key for Code Exchange](documentation#Proof_Key_for_Code_Exchange).

This flow has great support with most modern languages and frameworks and is the recommended default.

> In the OIDC and OAuth world this **client profile** is called "user-agent-based application"

#### Server Side Application

In the OIDC and OAuth world this client profile is called "web application"

#### Mobile App / Native App

In the OIDC and OAuth world this client profile is called "native application"

### How to consume authorizations in your application or service

---

With ZITADEL you can manage the [roles](administrate#Roles) a [project](administrate#Projects) supplies to your users in the form of authorizations.
On the [project](administrate#Projects) it can be configured how **project roles** are supplied to the [clients](administrate#Clients).
By default ZITADEL asserts the claim **urn:zitadel:iam:org:project:roles** to the [Userinfo Endpoint](documentation#userinfo_endpoint)

- Assert the claim **urn:zitadel:iam:org:project:roles** to **access_token**
- Assert the claim **urn:zitadel:iam:org:project:roles** to **id_token**

```JSON
 "urn:zitadel:iam:org:project:roles": {
    "user": {
      "id1": "acme.zitadel.ch",
      "id2": "caos.ch",
    }
  }
```

---

For more details about how **ZITADEL** treats [scopes](documentation#Scopes) and [claims](documentation#Claims) see the [documentations](documentation).
chore(documentation): documentation and manuals for ZITADEL (#710) * chore: cleanup old docs folder * remove docs path trigger * wip docs structure * chore: ignore site changes in ci * add manuals route * new structure * structure * Use correct title * remove trigger for code scan for static site generator * change names * add lorem ipsum to test styling * use h3 to deeplink * add site to dependabot * lint readme.md * remove not needed file * ignore site on pull request code scan * add initial contrib * Minor correction * Added section Developer & Integration * Changed link list layout, added labels, added translations * Added missing <li> tags * Added correct link to section Developer & Integration * Fixing list style * Overhauling description texts and translations * outline * teaser go * outline * wip * rework * wip * wip * wip * hop * wip * first draft for "administrate" done * init outline * fix deploy step * lint * commit wip * commit wip * md lint * Link * fix: path to edit (#711) * wip * wip * wip * what are... * use only features * wip docs * Update 00-user.en.md * project * uppercase en * wip * wip * wip * policies rework * improve text * correct typo * update readme * correct styling * add link to docs guides * make the linter happy * rename * wip * move api to own file * correct links and lint * wip roles and integration * add pkce * reduce padding and margin * wip scope and claims * wip claim & scopes * make the linter happy * insert links where possible * wip * wip roles & providers * Update README.md * Update 00-user.en.md * minor text improvements * use master branch to deploy * use proper ci file * Apply suggestions from code review Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Matthias M. Schneider <mati@matimax.info> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2020-10-16 14:13:02 +02:00			`---`
			`title: OpenID Connect & OAuth`
			`description: ...`
			`---`

			`### Client Types / Profiles`

			`#### Single Page Application`

			`If your [client](administrate#Clients) is a single page application (SPA) we recommend that you use [Authorization Code](documentation#Authorization_Code) in combination with [Proof Key for Code Exchange](documentation#Proof_Key_for_Code_Exchange).`

			`This flow has great support with most modern languages and frameworks and is the recommended default.`

			`> In the OIDC and OAuth world this client profile is called "user-agent-based application"`

			`#### Server Side Application`

			`In the OIDC and OAuth world this client profile is called "web application"`

			`#### Mobile App / Native App`

			`In the OIDC and OAuth world this client profile is called "native application"`

			`### How to consume authorizations in your application or service`

docs: image gallery viewer (#905) * add assets, photoswipe html element to body * add single script, gallery for multiple items * update docs for image gallery * fix relative links * inject image script on mount * replace inline script * remove facebook, twitter, pinterest sharing * fix hover on share * fix start img aspect radio, reduce size * right align json script * right align go script * change script background 2020-10-26 13:03:51 +01:00			`---`

chore(documentation): documentation and manuals for ZITADEL (#710) * chore: cleanup old docs folder * remove docs path trigger * wip docs structure * chore: ignore site changes in ci * add manuals route * new structure * structure * Use correct title * remove trigger for code scan for static site generator * change names * add lorem ipsum to test styling * use h3 to deeplink * add site to dependabot * lint readme.md * remove not needed file * ignore site on pull request code scan * add initial contrib * Minor correction * Added section Developer & Integration * Changed link list layout, added labels, added translations * Added missing <li> tags * Added correct link to section Developer & Integration * Fixing list style * Overhauling description texts and translations * outline * teaser go * outline * wip * rework * wip * wip * wip * hop * wip * first draft for "administrate" done * init outline * fix deploy step * lint * commit wip * commit wip * md lint * Link * fix: path to edit (#711) * wip * wip * wip * what are... * use only features * wip docs * Update 00-user.en.md * project * uppercase en * wip * wip * wip * policies rework * improve text * correct typo * update readme * correct styling * add link to docs guides * make the linter happy * rename * wip * move api to own file * correct links and lint * wip roles and integration * add pkce * reduce padding and margin * wip scope and claims * wip claim & scopes * make the linter happy * insert links where possible * wip * wip roles & providers * Update README.md * Update 00-user.en.md * minor text improvements * use master branch to deploy * use proper ci file * Apply suggestions from code review Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Matthias M. Schneider <mati@matimax.info> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2020-10-16 14:13:02 +02:00			`With ZITADEL you can manage the [roles](administrate#Roles) a [project](administrate#Projects) supplies to your users in the form of authorizations.`
			`On the [project](administrate#Projects) it can be configured how project roles are supplied to the [clients](administrate#Clients).`
			`By default ZITADEL asserts the claim urn:zitadel:iam:org:project:roles to the [Userinfo Endpoint](documentation#userinfo_endpoint)`

			`- Assert the claim urn:zitadel:iam:org:project:roles to access_token`
			`- Assert the claim urn:zitadel:iam:org:project:roles to id_token`

			```JSON
			`"urn:zitadel:iam:org:project:roles": {`
			`"user": {`
			`"id1": "acme.zitadel.ch",`
			`"id2": "caos.ch",`
			`}`
			`}`
			```

docs: image gallery viewer (#905) * add assets, photoswipe html element to body * add single script, gallery for multiple items * update docs for image gallery * fix relative links * inject image script on mount * replace inline script * remove facebook, twitter, pinterest sharing * fix hover on share * fix start img aspect radio, reduce size * right align json script * right align go script * change script background 2020-10-26 13:03:51 +01:00			`---`

chore(documentation): documentation and manuals for ZITADEL (#710) * chore: cleanup old docs folder * remove docs path trigger * wip docs structure * chore: ignore site changes in ci * add manuals route * new structure * structure * Use correct title * remove trigger for code scan for static site generator * change names * add lorem ipsum to test styling * use h3 to deeplink * add site to dependabot * lint readme.md * remove not needed file * ignore site on pull request code scan * add initial contrib * Minor correction * Added section Developer & Integration * Changed link list layout, added labels, added translations * Added missing <li> tags * Added correct link to section Developer & Integration * Fixing list style * Overhauling description texts and translations * outline * teaser go * outline * wip * rework * wip * wip * wip * hop * wip * first draft for "administrate" done * init outline * fix deploy step * lint * commit wip * commit wip * md lint * Link * fix: path to edit (#711) * wip * wip * wip * what are... * use only features * wip docs * Update 00-user.en.md * project * uppercase en * wip * wip * wip * policies rework * improve text * correct typo * update readme * correct styling * add link to docs guides * make the linter happy * rename * wip * move api to own file * correct links and lint * wip roles and integration * add pkce * reduce padding and margin * wip scope and claims * wip claim & scopes * make the linter happy * insert links where possible * wip * wip roles & providers * Update README.md * Update 00-user.en.md * minor text improvements * use master branch to deploy * use proper ci file * Apply suggestions from code review Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Matthias M. Schneider <mati@matimax.info> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2020-10-16 14:13:02 +02:00			`For more details about how ZITADEL treats [scopes](documentation#Scopes) and [claims](documentation#Claims) see the [documentations](documentation).`