docs: add new quick start guide and make other changes to overview page (#4996)
* docs: Added the latest quickstart guide and removed the old one. Modified the content on the overview page. * Renamed developer-quickstart.mdx to quickstart.mdx and other changes to resolve broken links * Update docs/docs/guides/start/quickstart.mdx Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> * Update docs/docs/guides/start/quickstart.mdx Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> * Update docs/docs/guides/start/quickstart.mdx Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> * Added a note on the scope of the application. Co-authored-by: Dakshitha Ratnayake <dakshitharatnayake@Dakshithas-MBP.localdomain> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
@ -2,6 +2,36 @@
|
||||
title: Overview
|
||||
---
|
||||
|
||||
With our guides you will learn everything you need to know about specific topics. You get step-by-step instructions for certain tasks and have a knowledge check at the end.
|
||||
Most applications need to know the identity of a user for access control, to securely store their data in the cloud, and provide the same personalized experience across all of the user's devices.
|
||||
|
||||
You can either use our cloud-instance [zitadel.com](https://zitadel.com) or deploy your own **ZITADEL** instance. To get started, we recommend you to try out our free tier first. Jump directly to the [get started](./start/quickstart) docs.
|
||||
ZITADEL provides backend services, easy-to-use SDKs, and ready-made UI libraries to authenticate users in your application. It supports authentication using passwords and applies additional security with the help of a second factor, for example, OTP, to ensure safe and secure access.
|
||||
It additionally leverages industry standards like OAuth 2.0 and OpenID Connect such that it can be easily integrated into your custom backend.
|
||||
|
||||
ZITADEL can be used in two ways:
|
||||
- Use the ZITADEL Cloud, our public cloud service. Use the free tier to get started in minutes.
|
||||
- Deploy a self-hosted ZITADEL for full control, wherever you like.
|
||||
|
||||
|
||||
## Help me choose
|
||||
|
||||
If you are unsure, opt for the gracious free tier of [ZITADEL Cloud](./manage/cloud/overview).
|
||||
|
||||
Choose [ZITADEL Cloud](./manage/cloud/overview) if you want:
|
||||
|
||||
- A turnkey solution that just works
|
||||
- A gracious free tier with a great pay-as-you-go option
|
||||
- Global scalability without the headache of running it yourself
|
||||
- Data-residency compliance for your customers
|
||||
|
||||
Choose [ZITADEL Self-Hosted](/self-hosting/deploy/overview) if you want:
|
||||
|
||||
- Total control over all components and your data
|
||||
- To run ZITADEL in air-gapped or regulated environments
|
||||
- Flexibility when you deploy updates
|
||||
|
||||
:::info
|
||||
Support is available either through the opensource community or a support contract.
|
||||
:::
|
||||
|
||||
|
||||
With our guides, you will learn everything you need to know about specific topics. To get started, jump directly to the [get started](./start/quickstart) docs.
|
||||
|
@ -1,81 +1,663 @@
|
||||
---
|
||||
title: Quickstart
|
||||
title: Quick Start Guide
|
||||
---
|
||||
|
||||
import Column from "../../../src/components/column";
|
||||
import Tabs from "@theme/Tabs";
|
||||
import TabItem from "@theme/TabItem";
|
||||
import Zcloud from './_zitadel_cloud.mdx'
|
||||
import LocalInstance from './_local_instance.mdx'
|
||||
import VSCodeFolderView from "../../../static/img/guides/quickstart/vscode1.png";
|
||||
|
||||
|
||||
## Introduction
|
||||
|
||||
In this quick start guide, we will be learning some fundamentals on how to set up ZITADEL for user management and application security. Thereafter, we will secure a React-based Single Page Application (SPA) using ZITADEL.
|
||||
|
||||
The sample application allows users to securely log in to ZITADEL using the OIDC Proof Key for Code Exchange (PKCE) flow. This flow ensures that the authentication process is secure by using a code verifier and a code challenge, which are sent to ZITADEL to obtain an access token. The access token is then used by the app to access the userinfo endpoint to retrieve and display information about the logged-in user. The app also has a logout feature that allows users to end their session and clear their access token. Overall, the app provides a simple and secure way for users to authenticate and access protected resources within ZITADEL.
|
||||
|
||||
|
||||
## ZITADEL Terminology: Instances, Organizations, Projects, Users, Roles, Authorizations and Apps
|
||||
|
||||
In ZITADEL, instances, organizations, projects, users, roles, and apps are the main components that make up the platform.
|
||||
|
||||
The order of creation for the above components would typically be as follows:
|
||||
|
||||
|
||||
<ul>
|
||||
<li><b>Instance</b>: An instance is the top-level entity in ZITADEL that represents a deployment of ZITADEL for a registered account. An instance can have one or more organizations.</li>
|
||||
<li><b>Organization</b>: An organization is a logical separation within an instance that represents a company/organization and can have one or more projects. The default organization is the one that is provided at the start of the account registration process. Typically, an instance would have one organization, but in B2B scenarios, an instance would have more than one.</li>
|
||||
<li><b>Project</b>: A project is a logical separation within an organization and is a container for apps, roles and authorization policies for the resources it contains.</li>
|
||||
<li><b>Users</b>: Users are created at the organizational level and are granted access to the resources within projects. They can be assigned different roles, which define the permissions and privileges they have within the project.</li>
|
||||
<li><b>Roles</b>: Roles are the sets of permissions and privileges that are assigned to users within a project.</li>
|
||||
<li><b>Authorizations</b>: Authorization policies in ZITADEL are defined at the project level, which means that they apply to all the resources within the project. These policies are based on the roles that are assigned to users, and they determine the actions that users are allowed to perform within the project.</li>
|
||||
<li><b>Apps</b>: Apps are the applications that are developed and managed within a project. They can be client apps that use the resources within the project, or they can be backend apps that provide the resources for other apps to use. The apps can use the OIDC or SAML protocol to authenticate users to access protected resources.</li>
|
||||
</ul>
|
||||
|
||||
The order of creation for the above components may vary depending on the specific needs and requirements of the organization.
|
||||
|
||||
## Set Up and Manage ZITADEL for your Identity Projects
|
||||
|
||||
### 1. Sign up for the ZITADEL Cloud Customer Portal and Register your Organization
|
||||
|
||||
1. Go to [zitadel.com](http://zitadel.com) and click on “Start for FREE”.
|
||||
|
||||
![Home Page](/img/guides/quickstart/1.png)
|
||||
|
||||
2. Enter your details as shown below and click the "Let's go" button.
|
||||
|
||||
![Registration Page](/img/guides/quickstart/2.png)
|
||||
|
||||
3. You will receive a verification email to verify the user for the Customer Portal. Click the “Sign in” button.
|
||||
|
||||
![Congratulations Page](/img/guides/quickstart/3.png)
|
||||
|
||||
4. You will be prompted for a code, which has been emailed to you.
|
||||
|
||||
![Code](/img/guides/quickstart/4.png)
|
||||
|
||||
5. Check your inbox for the code. You can either click the “Finish initialization” button in the email itself or copy the code and return to the previous page. In this guide, we will copy the code and then continue from where we left off.
|
||||
|
||||
![Inbox](/img/guides/quickstart/5.png)
|
||||
|
||||
6. Paste the code and add a password as shown below. Click on the “next” button.
|
||||
|
||||
![Code](/img/guides/quickstart/6.png)
|
||||
|
||||
7. The user is now activated. Click on “next” to login.
|
||||
|
||||
![User Activated](/img/guides/quickstart/7.png)
|
||||
|
||||
8. Login with the username and password that you provided. Click “next”.
|
||||
|
||||
![Login](/img/guides/quickstart/8.png)
|
||||
|
||||
9. You should set up 2-factor authentication. However, we will skip this step for now. Click on “skip”.
|
||||
|
||||
![2-factor Authentication](/img/guides/quickstart/9.png)
|
||||
|
||||
10. You will now be asked to create an instance.
|
||||
|
||||
![Create Instance](/img/guides/quickstart/10.png)
|
||||
|
||||
### 2. Create your First Instance
|
||||
|
||||
As a user of the ZITADEL Cloud Customer Portal, you now have the ability to create multiple instances to suit your specific needs. This includes instances for development, production, or user acceptance testing, as well as instances for different clients or applications. For example, you might create an instance for each product in a B2C scenario, or an instance for each tenant or customer in a B2B scenario. The possibilities are endless. You can create a pay-as-you-go instance for production purposes.
|
||||
|
||||
1. Let’s create an instance. Click on “Create new instance”.
|
||||
|
||||
![Create Instance](/img/guides/quickstart/10.png)
|
||||
|
||||
2. Provide a name for your instance, select the “Free” plan and click on the “Create” button at the bottom on this screen.
|
||||
|
||||
![Select Tier](/img/guides/quickstart/11.png)
|
||||
|
||||
3. After a few seconds, you should see the following screen. To access the instance with the user details you have provided, you will find a link to access your instance in another initialization email (or in the details page of your instance on the ZITADEL Cloud platform).
|
||||
|
||||
![Instance Details](/img/guides/quickstart/12.png)
|
||||
|
||||
4. Open the initialization email and click on “Finish initialization”.
|
||||
|
||||
![Finish Initialization](/img/guides/quickstart/13.png)
|
||||
|
||||
5. You will be redirected to the following screen once again. Note that the “Code” will be auto-filled for you because you proceeded to this step from your email. Add a password and click “next”.
|
||||
|
||||
![Activate User](/img/guides/quickstart/14.png)
|
||||
|
||||
6. User activation for the instance is complete. Click “next”.
|
||||
|
||||
![User Activated](/img/guides/quickstart/15.png)
|
||||
|
||||
7. To login to your instance, click “next”.
|
||||
|
||||
![Login](/img/guides/quickstart/16.png)
|
||||
|
||||
8. Provide your password and click “next”.
|
||||
|
||||
![Login](/img/guides/quickstart/17.png)
|
||||
|
||||
9. Skip the 2-factor authentication for now by clicking “skip”.
|
||||
|
||||
![2-factor Authentication](/img/guides/quickstart/18.png)
|
||||
|
||||
10. And there you go! You now have access to your instance.
|
||||
|
||||
![Access Instance](/img/guides/quickstart/19.png)
|
||||
|
||||
### 3. Create your First Project
|
||||
|
||||
1. To create a project in the instance you just created, click on “Create Project”.
|
||||
|
||||
![Create Project](/img/guides/quickstart/19.png)
|
||||
|
||||
2. Insert “Project1” (or any name of your choice) as the project’s name and click the “Continue” button.
|
||||
|
||||
![Project Name](/img/guides/quickstart/20.png)
|
||||
|
||||
3. Now you will be taken to the screen below. “Project1” has been created.
|
||||
|
||||
![Project Created](/img/guides/quickstart/21.png)
|
||||
|
||||
### 4. Add Users
|
||||
|
||||
1. To add users, click on “Users” at the top menu. You will see that the user you already created is listed as a user here. Click on the “New” button to create a new user.
|
||||
|
||||
![Add User](/img/guides/quickstart/26.png)
|
||||
|
||||
2. Let’s add another user as shown below. Fill in the user details as shown below and click on the “Create” button when you are done.
|
||||
|
||||
![Add User](/img/guides/quickstart/27.png)
|
||||
|
||||
3. The newly created user details will be displayed as shown below.
|
||||
|
||||
![User Info](/img/guides/quickstart/28.png)
|
||||
|
||||
4. Once you navigate back to the "Users" view, you will see a list of all the users that have been added to your instance. If you need to add more users, you can do so.
|
||||
|
||||
![User Info](/img/guides/quickstart/29.png)
|
||||
|
||||
### 5. Add Roles to your Project
|
||||
|
||||
1. To add roles to your project, click on “Roles” on the left as shown below. Next, click on the “New” button.
|
||||
|
||||
![Add Roles](/img/guides/quickstart/22.png)
|
||||
|
||||
2. Let’s create the role “manager” as shown below. Add “Manager” and “Group1” as display name and group respectively.
|
||||
|
||||
![Add Role](/img/guides/quickstart/23.png)
|
||||
|
||||
3. You can also add other roles in this step by clicking on “Add additional role”. Let’s go ahead and add two more as shown below. Click “Save” when you are done.
|
||||
|
||||
![Add Role](/img/guides/quickstart/24.png)
|
||||
|
||||
4. Now you can view a list of all the roles you just created.
|
||||
|
||||
![Add Role](/img/guides/quickstart/25.png)
|
||||
|
||||
### 6. Add Authorizations to your Project
|
||||
|
||||
1. Click on “Authorizations” on the top menu.
|
||||
|
||||
![Add Authorization](/img/guides/quickstart/30.png)
|
||||
|
||||
2. Select users for the authorization. You can select 1 or more users for a single authorization grant. Let’s select all the users for this grant.
|
||||
|
||||
![Add Authorization](/img/guides/quickstart/31.png)
|
||||
|
||||
3. Next, select a project. Since we created only “Project1” so far, you will see just that. Go ahead and select it.
|
||||
|
||||
![Add Authorization](/img/guides/quickstart/32.png)
|
||||
|
||||
4. Let’s select the role “sales”. Click on “Save”.
|
||||
|
||||
![Add Authorization](/img/guides/quickstart/33.png)
|
||||
|
||||
5. Now you will see the users with their designated roles.
|
||||
|
||||
![Add Authorization](/img/guides/quickstart/34.png)
|
||||
|
||||
6. To assign additional roles to a user, you can click on the user's name and select the desired roles from the list. This will grant the user additional permissions within the project. Click on “Change”.
|
||||
|
||||
![Add Authorization](/img/guides/quickstart/35.png)
|
||||
|
||||
7. You can see that additional roles have been assigned to the users in this updated authorization list and this should now give you an indication of how authorizations work in ZITADEL.
|
||||
|
||||
![Add Authorization](/img/guides/quickstart/37.png)
|
||||
|
||||
### 7. Create an Application in your Project
|
||||
|
||||
We will now create an application in the project, which will allow our React client application to access protected resources through the use of the OpenID Connect (OIDC) protocol.
|
||||
|
||||
1. Go to “Projects” and click on “Project1”.
|
||||
|
||||
![Add Application](/img/guides/quickstart/38.png)
|
||||
|
||||
2. Click on “New” to add a new application.
|
||||
|
||||
![Add Application](/img/guides/quickstart/39.png)
|
||||
|
||||
3. Provide the name of the app as “React-SPA”. Select “User Agent” and click on “Continue”.
|
||||
|
||||
![Add Application](/img/guides/quickstart/41.png)
|
||||
|
||||
4. Select “PKCE” because we recommend the use of [Authorization Code](https://zitadel.com/docs/apis/openidoauth/grant-types#authorization-code) in combination with [Proof Key for Code Exchange (PKCE)](https://zitadel.com/docs/apis/openidoauth/grant-types#authorization-code) for all web applications. More about the different app types can be found [here](https://zitadel.com/docs/guides/integrate/oauth-recommended-flows#different-client-profiles). Click on "Continue".
|
||||
|
||||
![Add Application](/img/guides/quickstart/42.png)
|
||||
|
||||
5. The Redirect URL in your application is where the ZITADEL authorization server redirects the user after they have been authenticated. Set your “Redirect URI” to [http://localhost:3000/callback](http://localhost:3000/callback) and “Post Logout URI” to [http://localhost:3000/](http://localhost:3000/). Click on “Continue”.
|
||||
|
||||
![Add Application](/img/guides/quickstart/43.png)
|
||||
|
||||
6. Now you will be presented with the details of your application for review. Click on “Create”.
|
||||
|
||||
![Add Application](/img/guides/quickstart/44.png)
|
||||
|
||||
7. After that, a window will appear showing you your “ClientId”. Click on “Close”.
|
||||
|
||||
![Add Application](/img/guides/quickstart/45.png)
|
||||
|
||||
8. On the following screen, you may notice some warnings at the top. These warnings are displayed because the URLs for our application are using unsecure HTTP instead of HTTPS. To resolve this, we will need to update our URLs, but there is a workaround to this so that we can continue using HTTP during the development phase.
|
||||
|
||||
![Add Application](/img/guides/quickstart/46.png)
|
||||
|
||||
9. To proceed with HTTP, go to “Redirect Settings” on the left.
|
||||
|
||||
![Add Application](/img/guides/quickstart/47.png)
|
||||
|
||||
10. Now activate “Development Mode” as shown below and click “Save”.
|
||||
|
||||
![Add Application](/img/guides/quickstart/48.png)
|
||||
|
||||
11. Now if you go to “Projects” and “Project1”, you will see the “React-SPA” app listed as an application in the project:
|
||||
|
||||
![Add Application](/img/guides/quickstart/50.png)
|
||||
|
||||
### 8. Obtaining ClientId and OIDC Endpoints for your Application {#referred1}
|
||||
You will need the ClientId and the OIDC endpoints (issuer and userinfo) when building your React application. The issuer URL is the base URL for the OIDC provider and includes the path to the OIDC discovery document, which contains information about the OIDC provider, including the authorization and token endpoints. By providing the issuer URL, you can use the OIDC library to automatically determine the endpoints for these requests.
|
||||
|
||||
The authorization endpoint is used to initiate the authorization process, the token endpoint is used to exchange authorization codes for access tokens, and the userinfo endpoint is used to retrieve information about the user. You need an access token to access the userinfo endpoint and other protected resources.
|
||||
|
||||
1. Click on “Configurations” to access the Client ID as shown below:
|
||||
|
||||
![Get URLs](/img/guides/quickstart/51.png)
|
||||
|
||||
2. The issuer URL and userinfo endpoint can be accessed by clicking on “URLs” on the left. Make note of the corresponding values for “issuer” and “userinfo_endpoint”.
|
||||
|
||||
![Get URLs](/img/guides/quickstart/52.png)
|
||||
|
||||
And with that, configuring ZITADEL for our application is complete. Now we can move on to building our React application. Let's get coding!
|
||||
|
||||
## Create Your React Application with ZITADEL OIDC PKCE Authentication
|
||||
|
||||
### 1. Functional Requirements of the Application
|
||||
|
||||
1. The user navigates to the React app (client) and clicks the "login" button.
|
||||
2. The app initiates the authorization process by redirecting the user’s browser to the authorization endpoint of the ZITADEL instance, along with the PKCE parameters (code challenge, and code challenge method).
|
||||
3. The user will see the ZITADEL login page, where the user can enter their credentials.
|
||||
4. After successful authentication, ZITADEL generates an authorization code and redirects the user back to the React app.
|
||||
5. The React app sends a request to the ZITADEL token endpoint, along with the authorization code and code verifier.
|
||||
6. ZITADEL verifies the code verifier to ensure that the authorization request is coming from the same client that initiated it. If it is valid, ZITADEL returns an access token to the React app.
|
||||
7. The React app uses the access token to make a request to the userinfo endpoint, which is protected by the OIDC protocol.
|
||||
8. The userinfo endpoint returns information about the logged-in user, such as their name and email address.
|
||||
9. The React app displays this information to the user.
|
||||
10. When the user wants to log out, the React app sends a request to the ZITADEL logout endpoint, which clears the access token and ends the user's session.
|
||||
11. The user will be redirected to the login page of the app.
|
||||
|
||||
***The scope of this application for this quick start guide is limited to user authentication and doesn't include role-based authentication, even though we previously discussed adding roles and users.***
|
||||
|
||||
### 2. Prerequisites
|
||||
|
||||
To follow along with this tutorial, you will need to have both React and Visual Studio Code (VSCode) installed on your machine.
|
||||
|
||||
<b> React </b>
|
||||
|
||||
To install React, you will need to have Node.js installed on your system. You can download and install Node.js from [here](https://nodejs.org/).
|
||||
|
||||
Once you have Node.js installed, you can use the following command to install React:
|
||||
|
||||
``` npm install -g react ```
|
||||
|
||||
This will install the latest version of React globally on your system. You can then verify the installation by running the following command:
|
||||
|
||||
``` react -v ```
|
||||
|
||||
This should output the version of React that you have installed.
|
||||
|
||||
<b> Visual Studio Code </b>
|
||||
|
||||
To install Visual Studio Code, go to their [website](https://code.visualstudio.com/) and download and install the version for your operating system.
|
||||
|
||||
|
||||
### 3. Development
|
||||
#### 1. Create Project
|
||||
1. Open a new terminal window in Visual Studio Code.
|
||||
2. Navigate to the folder where you want to create the React app.
|
||||
3. Run the following command to create a new React app named "react-oidc-zitadel":
|
||||
|
||||
``` npx create-react-app react-oidc-zitadel ```
|
||||
|
||||
4. Navigate to the "react-oidc-zitadel" folder:
|
||||
|
||||
``` cd react-oidc-zitadel ```
|
||||
|
||||
This will create the following files in your project:
|
||||
|
||||
<img src={VSCodeFolderView} width="40%" height="40%" />
|
||||
|
||||
5. The dependencies for this project include react-router-dom and oidc-client-ts. To include them in your React application, you will need to run the following command in your terminal:
|
||||
|
||||
``` npm install react-router-dom oidc-client-ts ```
|
||||
|
||||
|
||||
#### 2. Add Source Files
|
||||
|
||||
The code needed to run this project can be found [here](https://github.com/zitadel/react-user-authentication).
|
||||
|
||||
1. Replace the content in your App.js file with the one provided below:
|
||||
|
||||
[src/App.js](https://github.com/zitadel/react-user-authentication/blob/main/src/App.js):
|
||||
|
||||
```
|
||||
import React, { useState, useEffect } from "react";
|
||||
import { BrowserRouter, Routes, Route } from "react-router-dom";
|
||||
import Login from "./components/Login";
|
||||
import Callback from "./components/Callback";
|
||||
import authConfig from "./authConfig";
|
||||
import { UserManager, WebStorageStateStore } from "oidc-client-ts";
|
||||
|
||||
function App() {
|
||||
const userManager = new UserManager({
|
||||
userStore: new WebStorageStateStore({ store: window.localStorage }),
|
||||
...authConfig,
|
||||
});
|
||||
|
||||
function authorize() {
|
||||
userManager.signinRedirect({ state: "a2123a67ff11413fa19217a9ea0fbad5" });
|
||||
}
|
||||
|
||||
function clearAuth() {
|
||||
userManager.signoutRedirect();
|
||||
}
|
||||
|
||||
const [authenticated, setAuthenticated] = useState(null);
|
||||
const [userInfo, setUserInfo] = useState(null);
|
||||
|
||||
useEffect(() => {
|
||||
userManager.getUser().then((user) => {
|
||||
if (user) {
|
||||
setAuthenticated(true);
|
||||
} else {
|
||||
setAuthenticated(false);
|
||||
}
|
||||
});
|
||||
}, [userManager]);
|
||||
|
||||
return (
|
||||
<BrowserRouter>
|
||||
<Routes>
|
||||
<Route
|
||||
path="/"
|
||||
element={<Login auth={authenticated} handleLogin={authorize} />}
|
||||
/>
|
||||
<Route
|
||||
path="/callback"
|
||||
element={
|
||||
<Callback
|
||||
auth={authenticated}
|
||||
setAuth={setAuthenticated}
|
||||
userInfo={userInfo}
|
||||
setUserInfo={setUserInfo}
|
||||
handleLogout={clearAuth}
|
||||
userManager={userManager}
|
||||
/>
|
||||
}
|
||||
/>
|
||||
</Routes>
|
||||
</BrowserRouter>
|
||||
);
|
||||
}
|
||||
|
||||
export default App;
|
||||
```
|
||||
|
||||
The App.js file is the root component of the React app that initializes the OIDC flow and manages the user's session. It does this by:
|
||||
|
||||
- Importing the necessary libraries and components from the dependencies, including the ```oidc-client-ts``` library, the ```authConfig``` file with the OIDC configuration values, and the Login and Callback components.
|
||||
- Initializing a new ``UserManager`` instance with the OIDC configuration values from the authConfig file. The ``` UserManager``` instance manages the OIDC flow and stores the user's session information.
|
||||
- Defining two functions: ```authorize``` and ```clearAuth```. The ```authorize``` function initiates the OIDC flow when the user clicks the ```login``` button, while the ```clearAuth``` function ends the user's session when the user clicks the ```logout``` button.
|
||||
- Defining two state variables: ```authenticated``` and ```userInfo```. The authenticated variable is a boolean that indicates whether the user is authenticated or not, while the ```userInfo``` variable stores the user's information when they are authenticated.
|
||||
- Using the ```useEffect``` hook to retrieve the user's session information from the ```UserManager``` instance and updating the ```authenticated``` and ```userInfo``` state variables accordingly.
|
||||
- Defining the routes for the app using the ```react-router-dom``` library, including the ```/``` and ```/callback``` routes for the login and callback pages, respectively. The ```Login``` and ```Callback``` components handle the login and callback processes, respectively.
|
||||
|
||||
2. Create a folder named components in the src directory. Create two files named Login.js and Callback.js.
|
||||
|
||||
3. Paste the following code to Login.js.
|
||||
|
||||
[src/components/Login.js](https://github.com/zitadel/react-user-authentication/blob/main/src/components/Login.js)
|
||||
|
||||
```
|
||||
import { Navigate } from "react-router-dom";
|
||||
|
||||
const Login = ({ auth, handleLogin, userManager }) => {
|
||||
return (
|
||||
<div>
|
||||
{auth === null && <div>Loading...</div>}
|
||||
{auth === false && (
|
||||
<div>
|
||||
<h1>Welcome!</h1>
|
||||
<button
|
||||
onClick={() => {
|
||||
// Perform the authorization request, including the code challenge
|
||||
handleLogin();
|
||||
}}
|
||||
>
|
||||
Please log in.
|
||||
</button>
|
||||
</div>
|
||||
)}
|
||||
{auth && <Navigate to="/callback" />}
|
||||
</div>
|
||||
);
|
||||
};
|
||||
|
||||
export default Login;
|
||||
```
|
||||
The ```/``` route corresponds to the login page, which is rendered by the Login component. The Login(Login.js) component is a functional component that displays the login button and calls the ```handleLogin``` function (which corresponds to the ```authorize``` function defined in the App component) when the button is clicked. This initiates the OIDC flow by redirecting the user to the authorization endpoint.
|
||||
|
||||
4. Paste the following code to Callback.js.
|
||||
|
||||
[src/components/Callback.js](https://github.com/zitadel/react-user-authentication/blob/main/src/components/Callback.js)
|
||||
|
||||
```
|
||||
import React, { useEffect } from 'react';
|
||||
import authConfig from '../authConfig';
|
||||
|
||||
const Callback = ({ auth, setAuth, userManager, userInfo, setUserInfo, handleLogout }) => {
|
||||
|
||||
useEffect(() => {
|
||||
if (auth === null) {
|
||||
userManager.signinRedirectCallback().then((user) => {
|
||||
if (user) {
|
||||
setAuth(true);
|
||||
const access_token = user.access_token;
|
||||
// Make a request to the user info endpoint using the access token
|
||||
fetch(authConfig.userinfo_endpoint, {
|
||||
headers: {
|
||||
'Authorization': `Bearer ${access_token}`
|
||||
}
|
||||
})
|
||||
.then(response => response.json())
|
||||
.then(userInfo => {
|
||||
setUserInfo(userInfo);
|
||||
});
|
||||
} else {
|
||||
setAuth(false);
|
||||
}
|
||||
}).catch((error) => {
|
||||
setAuth(false);
|
||||
});
|
||||
}
|
||||
}, [auth, userManager, setAuth]);
|
||||
|
||||
|
||||
if (auth === true && userInfo) {
|
||||
return (
|
||||
<div>
|
||||
<h1>Welcome, {userInfo.name}!</h1>
|
||||
<h2>Your ZITADEL Profile Information</h2>
|
||||
<h3>Name: {userInfo.name}</h3>
|
||||
<h3>Email: {userInfo.email}</h3>
|
||||
<h3>Email Verified: {userInfo.email_verified? "Yes": "No"}</h3>
|
||||
<h3>Locale: {userInfo.locale}</h3>
|
||||
|
||||
<button onClick={handleLogout}>Log out</button>
|
||||
</div>
|
||||
);
|
||||
}
|
||||
else {
|
||||
return <div>Loading...</div>;
|
||||
}
|
||||
|
||||
};
|
||||
|
||||
export default Callback;
|
||||
```
|
||||
|
||||
The ```/callback``` route corresponds to the callback page, which is rendered by the Callback(Callback.js) component. The Callback component is also a functional component that handles the callback from the authorization server after the user logs in. It retrieves the authorization code from the URL, exchanges it for an access token and id token, and retrieves the user's information from the userinfo endpoint. It also sets the ```authenticated``` and ```userInfo``` state variables in the App(App.js) component and displays the ```logout``` button. When the ```logout``` button is clicked, the ```clearAuth``` function is called and the user's session is ended. The ```clearAuth``` function is defined in the App component and is called with no arguments. It initiates the end session flow by redirecting the user to the end session endpoint.
|
||||
|
||||
5. Create a new file in the src folder named authConfig.js and paste the following code to it.
|
||||
|
||||
[src/authConfig.js](https://github.com/zitadel/react-user-authentication/blob/main/src/authConfig.js)
|
||||
|
||||
```
|
||||
const authConfig = {
|
||||
authority: 'https://some_text.zitadel.cloud/', //Replace with your issuer URL
|
||||
client_id: 'ABC123@Project', //Replace with your client id
|
||||
redirect_uri: 'http://localhost:3000/callback',
|
||||
response_type: 'code',
|
||||
scope: 'openid profile email',
|
||||
post_logout_redirect_uri: 'http://localhost:3000/',
|
||||
userinfo_endpoint: 'https://instance-some_text.zitadel.cloud/oidc/v1/userinfo', //Replace with your user-info endpoint
|
||||
response_mode: 'query',
|
||||
code_challenge_method: 'S256',
|
||||
};
|
||||
|
||||
export default authConfig;
|
||||
```
|
||||
|
||||
The authConfig.js file exports an object with configuration values for the OIDC flow. These values are used to initialize the ```UserManager``` instance in the App component. The configuration values include the:
|
||||
- authority (the URL of the authorization server). ***Don’t forget to replace the ```authority``` value with the “issuer URL” that you obtained from this [step](#referred1).***
|
||||
- client_id (the unique identifier for the client application). ***Don’t forget to replace the ```client_id``` with your “ClientId” that you obtained from this [step](#referred1).***
|
||||
- redirect_uri (the URL to redirect to after the authorization flow is complete)
|
||||
- response_type (the type of response expected from the authorization server)
|
||||
- scope (the permissions requested from the user)
|
||||
- post_logout_redirect_uri (the URL to redirect to after the user logs out)
|
||||
- userinfo_endpoint (the URL of the endpoint to retrieve the user's information). ***Don’t forget to replace the ```userinfo_endoint``` with your “userinfo_endpoint” that you obtained from this [step](#referred1).***
|
||||
- response_mode (the method to use to send the authorization response)
|
||||
- code_challenge_method (the method to use to generate the code challenge).
|
||||
|
||||
Note that the oidc-client-ts library automatically handles the generation of the code verifier and code challenge when the user clicks on the login button, eliminating the need for the application to manually generate and include these values in the requests.
|
||||
|
||||
In the PKCE flow, the code verifier is a random string generated by the client application, and the code challenge is a transformed version of the code verifier using the SHA-256 hashing algorithm.
|
||||
|
||||
6. Add a file called style.css to the src folder to apply CSS styling to the pages.
|
||||
|
||||
[src/style.css](https://github.com/zitadel/react-user-authentication/blob/main/src/style.css)
|
||||
|
||||
```
|
||||
/* The body element covers the entire page, so setting the background color here
|
||||
will set the background color for the whole page */
|
||||
body {
|
||||
font-family: 'Open Sans', sans-serif;
|
||||
/* The hex code for the light blue color from the image is #9fd3e0 */
|
||||
background-color: #9fd3e0;
|
||||
/* Center the text in the body element */
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
/* The h1, h2, and h3 elements are used for headings */
|
||||
h1, h2, h3 {
|
||||
/* The hex code for the dark blue color from the image is #2c3e50 */
|
||||
color: #2c3e50;
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
/* The button element represents a clickable button */
|
||||
button {
|
||||
/* The hex code for the light purple color from the image is #9b59b6 */
|
||||
background-color: #9b59b6;
|
||||
/* The hex code for the white color is #ffffff */
|
||||
color: #ffffff;
|
||||
/* Add some padding and a border to the button */
|
||||
padding: 10px 20px;
|
||||
border: none;
|
||||
/* Add some hover effect to the button */
|
||||
cursor: pointer;
|
||||
}
|
||||
|
||||
button:hover {
|
||||
/* The hex code for the dark purple color from the image is #8e44ad */
|
||||
background-color: #8e44ad;
|
||||
}
|
||||
```
|
||||
|
||||
|
||||
7. Go to index.js and replace ```import './index.css';``` with ```import './style.css'```. Your index.css file should look like this:
|
||||
|
||||
[src/index.css](https://github.com/zitadel/react-user-authentication/blob/main/src/index.js)
|
||||
|
||||
```
|
||||
import React from 'react';
|
||||
import ReactDOM from 'react-dom/client';
|
||||
import './style.css';
|
||||
import App from './App';
|
||||
import reportWebVitals from './reportWebVitals';
|
||||
|
||||
const root = ReactDOM.createRoot(document.getElementById('root'));
|
||||
root.render(
|
||||
<React.StrictMode>
|
||||
<App />
|
||||
</React.StrictMode>
|
||||
);
|
||||
|
||||
// If you want to start measuring performance in your app, pass a function
|
||||
// to log results (for example: reportWebVitals(console.log))
|
||||
// or send to an analytics endpoint. Learn more: https://bit.ly/CRA-vitals
|
||||
reportWebVitals();
|
||||
```
|
||||
|
||||
### 4. Running the Application
|
||||
|
||||
1. Run ```npm start``` to start the development server.
|
||||
2. Open your browser and navigate to ```http://localhost:3000/``` to view the app.
|
||||
3. You will see the login page, which is the landing page of the app, when you run the application. Click on the “Please log in” button.
|
||||
|
||||
![Login](/img/guides/quickstart/login1.png)
|
||||
|
||||
4. You will be redirected to the ZITADEL login page. Add your username/email and click on “next”.
|
||||
|
||||
![Redirect](/img/guides/quickstart/login2.png)
|
||||
|
||||
5. Enter your password and click on “next”.
|
||||
|
||||
![Redirect](/img/guides/quickstart/login3.png)
|
||||
|
||||
6. If you entered the correct login credentials (and if the PKCE parameters generated by the application match), you will be redirected to the callback page, which displays your user information.
|
||||
|
||||
![Redirect](/img/guides/quickstart/login4.png)
|
||||
|
||||
7. You can click on “Log out” to log out of the application and you will be taken to the landing page.
|
||||
|
||||
![Redirect](/img/guides/quickstart/login1.png)
|
||||
|
||||
8. To see if the user has been successfully logged out and the user session has been terminated, click on “Please log in”, which brings you to the following page. Select the same user you logged in with earlier.
|
||||
|
||||
![Redirect](/img/guides/quickstart/login5.png)
|
||||
|
||||
9. You will see that since the login session was terminated after logging out, the user has to enter his password again.
|
||||
|
||||
![Redirect](/img/guides/quickstart/login6.png)
|
||||
|
||||
|
||||
And this brings us to the end of this quick start guide!
|
||||
|
||||
This tutorial covered how to configure ZITADEL and how to use React to build an app that communicates with ZITADEL to access secured resources.
|
||||
|
||||
We hope you enjoyed the tutorial and encourage you to check out the ZITADEL [documentation](https://zitadel.com/docs) for more information on how to use the ZITADEL platform to its full potential. Thanks for joining us!
|
||||
|
||||
|
||||
|
||||
|
||||
Most applications need to know the identity of a user allowing to securely store user data in the cloud and provide the same personalised experience across all of the user's devices.
|
||||
|
||||
ZITADEL's authentication provides backend services, easy-to-use SDKs, and ready-made UI libraries to authenticate users in your application. It supports authentication using passwords and applies additional security with the help of a second factor, for example OTP, to ensure a safe and secure access.
|
||||
It additionally leverages industry standards like OAuth 2.0 and OpenID Connect such that it can be easily integrated in your custom backend.
|
||||
|
||||
ZITADEL currently support two ways of using it:
|
||||
- Use the ZITADEL Cloud free tier to get started in minutes
|
||||
- Deploy a self-hosted ZITADEL, where ever you like
|
||||
|
||||
## Help me choose
|
||||
|
||||
If you are unsure you should opt for the gracious free-tier of [ZITADEL Cloud](../manage/cloud/overview).
|
||||
|
||||
Chose [ZITADEL Cloud](../manage/cloud/overview) if you want:
|
||||
|
||||
- A turnkey solution that just works
|
||||
- Gracious Free tier with a great pay-as-you-go option
|
||||
- Global scalability without the headache of running
|
||||
- Data residency compliance for your customers
|
||||
|
||||
Chose [ZITADEL Self-Hosted](/self-hosting/deploy/overview) if you want:
|
||||
|
||||
- Total control over all components and your data
|
||||
- Run ZITADEL in air gapped or regulated environemnts
|
||||
- Flexibilty when you deploy updates
|
||||
|
||||
:::info
|
||||
Support is available either through the opensource community or a support contract
|
||||
:::
|
||||
|
||||
<Tabs
|
||||
groupId="proxy-vendor"
|
||||
default="zcloud"
|
||||
values={[
|
||||
{'label': 'ZITADEL Cloud', 'value': 'zcloud'},
|
||||
{'label': 'Local Instance', 'value': 'local'},
|
||||
]}
|
||||
>
|
||||
<TabItem value="zcloud">
|
||||
<Zcloud/>
|
||||
<More/>
|
||||
</TabItem>
|
||||
<TabItem value="local">
|
||||
<LocalInstance/>
|
||||
<More/>
|
||||
</TabItem>
|
||||
</Tabs>
|
||||
|
||||
## Create first project and application
|
||||
|
||||
To be able to connect your first application you have to create a project and an application in the ZITADEL Console.application
|
||||
|
||||
1. Click on the projects menu point
|
||||
2. Add new project by clicking the "+" Button and give a name
|
||||
3. Click the "+" Button in the project detail in the application section
|
||||
4. The wizard will help you through the creation process with the recommended values when choosing the application type [More about applications](../manage/console/applications)
|
||||
|
||||
Now you are ready to integrate ZITADEL into your application.
|
||||
Check out our [Examples](../../examples/introduction) to start with your app.
|
||||
|
||||
## Elect New Managers
|
||||
|
||||
:::note
|
||||
This takes place in the ZITADEL Console
|
||||
:::
|
||||
|
||||
ZITADEL allows you to give other users control over the ZITADEL Console. The manager role can be restricted to some kind of write and/or read.
|
||||
This is especially useful for direct administration over several users. You can have managers able to edit project settings and others able to create/add users only.
|
||||
|
||||
> Note: ZITADEL Managers are located on the right side panel of the ZITADEL Console.
|
@ -41,7 +41,9 @@ module.exports = {
|
||||
type: "category",
|
||||
label: "Get started",
|
||||
collapsed: false,
|
||||
items: ["guides/start/quickstart"],
|
||||
items: [
|
||||
"guides/start/quickstart",
|
||||
],
|
||||
},
|
||||
{
|
||||
type: "category",
|
||||
|
BIN
docs/static/img/guides/quickstart/1.png
vendored
Normal file
After Width: | Height: | Size: 2.9 MiB |
BIN
docs/static/img/guides/quickstart/10.png
vendored
Normal file
After Width: | Height: | Size: 218 KiB |
BIN
docs/static/img/guides/quickstart/11.png
vendored
Normal file
After Width: | Height: | Size: 276 KiB |
BIN
docs/static/img/guides/quickstart/12.png
vendored
Normal file
After Width: | Height: | Size: 898 KiB |
BIN
docs/static/img/guides/quickstart/13.png
vendored
Normal file
After Width: | Height: | Size: 320 KiB |
BIN
docs/static/img/guides/quickstart/14.png
vendored
Normal file
After Width: | Height: | Size: 237 KiB |
BIN
docs/static/img/guides/quickstart/15.png
vendored
Normal file
After Width: | Height: | Size: 509 KiB |
BIN
docs/static/img/guides/quickstart/16.png
vendored
Normal file
After Width: | Height: | Size: 183 KiB |
BIN
docs/static/img/guides/quickstart/17.png
vendored
Normal file
After Width: | Height: | Size: 174 KiB |
BIN
docs/static/img/guides/quickstart/18.png
vendored
Normal file
After Width: | Height: | Size: 715 KiB |
BIN
docs/static/img/guides/quickstart/19.png
vendored
Normal file
After Width: | Height: | Size: 475 KiB |
BIN
docs/static/img/guides/quickstart/2.png
vendored
Normal file
After Width: | Height: | Size: 2.9 MiB |
BIN
docs/static/img/guides/quickstart/20.png
vendored
Normal file
After Width: | Height: | Size: 236 KiB |
BIN
docs/static/img/guides/quickstart/21.png
vendored
Normal file
After Width: | Height: | Size: 962 KiB |
BIN
docs/static/img/guides/quickstart/22.png
vendored
Normal file
After Width: | Height: | Size: 366 KiB |
BIN
docs/static/img/guides/quickstart/23.png
vendored
Normal file
After Width: | Height: | Size: 263 KiB |
BIN
docs/static/img/guides/quickstart/24.png
vendored
Normal file
After Width: | Height: | Size: 281 KiB |
BIN
docs/static/img/guides/quickstart/25.png
vendored
Normal file
After Width: | Height: | Size: 455 KiB |
BIN
docs/static/img/guides/quickstart/26.png
vendored
Normal file
After Width: | Height: | Size: 289 KiB |
BIN
docs/static/img/guides/quickstart/27.png
vendored
Normal file
After Width: | Height: | Size: 313 KiB |
BIN
docs/static/img/guides/quickstart/28.png
vendored
Normal file
After Width: | Height: | Size: 1.1 MiB |
BIN
docs/static/img/guides/quickstart/29.png
vendored
Normal file
After Width: | Height: | Size: 352 KiB |
BIN
docs/static/img/guides/quickstart/3.png
vendored
Normal file
After Width: | Height: | Size: 2.7 MiB |
BIN
docs/static/img/guides/quickstart/30.png
vendored
Normal file
After Width: | Height: | Size: 280 KiB |
BIN
docs/static/img/guides/quickstart/31.png
vendored
Normal file
After Width: | Height: | Size: 307 KiB |
BIN
docs/static/img/guides/quickstart/32.png
vendored
Normal file
After Width: | Height: | Size: 314 KiB |
BIN
docs/static/img/guides/quickstart/33.png
vendored
Normal file
After Width: | Height: | Size: 327 KiB |
BIN
docs/static/img/guides/quickstart/34.png
vendored
Normal file
After Width: | Height: | Size: 341 KiB |
BIN
docs/static/img/guides/quickstart/35.png
vendored
Normal file
After Width: | Height: | Size: 427 KiB |
BIN
docs/static/img/guides/quickstart/36.png
vendored
Normal file
After Width: | Height: | Size: 860 KiB |
BIN
docs/static/img/guides/quickstart/37.png
vendored
Normal file
After Width: | Height: | Size: 350 KiB |
BIN
docs/static/img/guides/quickstart/38.png
vendored
Normal file
After Width: | Height: | Size: 792 KiB |
BIN
docs/static/img/guides/quickstart/39.png
vendored
Normal file
After Width: | Height: | Size: 410 KiB |
BIN
docs/static/img/guides/quickstart/4.png
vendored
Normal file
After Width: | Height: | Size: 236 KiB |
BIN
docs/static/img/guides/quickstart/41.png
vendored
Normal file
After Width: | Height: | Size: 539 KiB |
BIN
docs/static/img/guides/quickstart/42.png
vendored
Normal file
After Width: | Height: | Size: 387 KiB |
BIN
docs/static/img/guides/quickstart/43.png
vendored
Normal file
After Width: | Height: | Size: 308 KiB |
BIN
docs/static/img/guides/quickstart/44.png
vendored
Normal file
After Width: | Height: | Size: 338 KiB |
BIN
docs/static/img/guides/quickstart/45.png
vendored
Normal file
After Width: | Height: | Size: 1.0 MiB |
BIN
docs/static/img/guides/quickstart/46.png
vendored
Normal file
After Width: | Height: | Size: 1.3 MiB |
BIN
docs/static/img/guides/quickstart/47.png
vendored
Normal file
After Width: | Height: | Size: 1.1 MiB |
BIN
docs/static/img/guides/quickstart/48.png
vendored
Normal file
After Width: | Height: | Size: 1.1 MiB |
BIN
docs/static/img/guides/quickstart/49.png
vendored
Normal file
After Width: | Height: | Size: 425 KiB |
BIN
docs/static/img/guides/quickstart/5.png
vendored
Normal file
After Width: | Height: | Size: 1.2 MiB |
BIN
docs/static/img/guides/quickstart/50.png
vendored
Normal file
After Width: | Height: | Size: 1.1 MiB |
BIN
docs/static/img/guides/quickstart/51.png
vendored
Normal file
After Width: | Height: | Size: 545 KiB |
BIN
docs/static/img/guides/quickstart/52.png
vendored
Normal file
After Width: | Height: | Size: 449 KiB |
BIN
docs/static/img/guides/quickstart/6.png
vendored
Normal file
After Width: | Height: | Size: 243 KiB |
BIN
docs/static/img/guides/quickstart/7.png
vendored
Normal file
After Width: | Height: | Size: 184 KiB |
BIN
docs/static/img/guides/quickstart/8.png
vendored
Normal file
After Width: | Height: | Size: 182 KiB |
BIN
docs/static/img/guides/quickstart/9.png
vendored
Normal file
After Width: | Height: | Size: 254 KiB |
BIN
docs/static/img/guides/quickstart/login1.png
vendored
Normal file
After Width: | Height: | Size: 113 KiB |
BIN
docs/static/img/guides/quickstart/login2.png
vendored
Normal file
After Width: | Height: | Size: 144 KiB |
BIN
docs/static/img/guides/quickstart/login3.png
vendored
Normal file
After Width: | Height: | Size: 136 KiB |
BIN
docs/static/img/guides/quickstart/login4.png
vendored
Normal file
After Width: | Height: | Size: 612 KiB |
BIN
docs/static/img/guides/quickstart/login5.png
vendored
Normal file
After Width: | Height: | Size: 169 KiB |
BIN
docs/static/img/guides/quickstart/login6.png
vendored
Normal file
After Width: | Height: | Size: 155 KiB |
BIN
docs/static/img/guides/quickstart/vscode1.png
vendored
Normal file
After Width: | Height: | Size: 89 KiB |