docs:add token introspection documentation based on blog post (#6118)

* Modifying docs to comply with Google style guide for docs.

* Removed typo.

* Added FE and BE integration with ZITADEL

* Added FE and BE integration with ZITADEL

* Added FE and BE integration with ZITADEL

* Update docs/docs/guides/solution-scenarios/frontend-calling-backend-API.mdx

Co-authored-by: mffap <mpa@zitadel.com>

* Update docs/docs/guides/solution-scenarios/frontend-calling-backend-API.mdx

Co-authored-by: mffap <mpa@zitadel.com>

* Addressed @mffap's question on the PR.

* Added docs for detailed explanations for token introspection.

* Update docs/docs/guides/integrate/token-introspection/basic-auth.mdx

Co-authored-by: Fabi <fabienne@zitadel.com>

* Update docs/sidebars.js

Co-authored-by: Fabi <fabienne@zitadel.com>

* Update docs/docs/guides/integrate/token-introspection/private-key-jwt.mdx

* Addressed @hifabienne's review comments.

* Addressed @hifabienne's review comments.

---------

Co-authored-by: Dakshitha Ratnayake <dakshitharatnayake@Dakshithas-MacBook-Pro-2.local>
Co-authored-by: mffap <mpa@zitadel.com>
Co-authored-by: Fabi <fabienne@zitadel.com>
Dakshitha Ratnayake
2023-06-30 11:50:13 +05:30
committed by GitHub
parent 1fddc6e002
commit 3f85aa014e
22 changed files with 335 additions and 3 deletions

@@ -150,6 +150,22 @@ module.exports = {
"guides/integrate/logout",
],
},
{
type: "category",
label: "Token introspection",
link: {
type: "generated-index",
title: "Token introspection",
slug: "/guides/integrate/token-introspection",
description:
"Token introspection is the process of checking whether an access token is valid and can be used to access protected resources. You have an API that acts as an OAuth resource server and can be accessed by user-facing applications. To validate an access token by calling the ZITADEL introspection API, you can use the JSON Web Token (JWT) Profile (recommended) or Basic Authentication for token introspection. It's crucial to understand that the API is entirely separate from the front end. The API shouldnt concern itself with the token type received. Instead, it's about how the API chooses to call the introspection endpoint, either through JWT Profile or Basic Authentication. Many APIs assume they might receive a JWT and attempt to verify it based on signature or expiration. However, with ZITADEL, you can send either a JWT or an opaque Bearer token from the client end to the API. This flexibility is one of ZITADEL's standout features.",
},
collapsed: true,
items: [
"guides/integrate/token-introspection/private-key-jwt",
"guides/integrate/token-introspection/basic-auth",
],
},
{
type: "category",
label: "Authenticate service users",
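Review bot: The `description` string for the new "Token introspection" category has a typo ("shouldnt" should be "shouldn't") and is too long for a generated-index blurb. I would keep the first two sentences plus the JWT Profile / Basic Authentication sentence here, and move the rest into the `private-key-jwt` and `basic-auth` pages listed under `items`. The passage on APIs that "attempt to verify it based on signature or expiration" never says what the API should do instead. State directly that the API passes whatever token it receives, JWT or opaque, to the introspection endpoint. The closing "standout features" sentence is promotional and can be dropped.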
@@ -169,13 +185,13 @@ module.exports = {
},
{
type: "category",
label: "Build your own Login-UI",
label: "Build your own login UI",
link: {
type: "generated-index",
title: "Build your own Login-UI",
title: "Build your own login UI",
slug: "/guides/integrate/login-ui",
description:
"In the following guides you will learn how to create your own login ui with our APIs. The different scenarios like username/password, external identity provider, etc will be shown.",
"In the following guides you will learn how to create your own login UI with our APIs. The different scenarios like username/password, external identity provider, etc. will be shown."
},
collapsed: true,
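Review bot: The replacement `description` line for the login UI category ends with `etc. will be shown."` and no trailing comma, while the line it replaces and the description in the token introspection entry both end with `",`. It still parses, but please restore the trailing comma to match the rest of the file and keep the formatter quiet. Separately, the "Login-UI" to "login UI" rename is unrelated to token introspection. It would be worth noting in the commit message, or splitting out, so it is not lost in the squash.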