+
{{'ORG.PAGES.STATE' | translate}}
{{'USER.DATA.STATE'+user.state | translate}}
diff --git a/console/src/app/pages/users/user-detail/user-detail/user-detail.component.scss b/console/src/app/pages/users/user-detail/user-detail/user-detail.component.scss
index 7e6257f7e4..0f113e67c5 100644
--- a/console/src/app/pages/users/user-detail/user-detail/user-detail.component.scss
+++ b/console/src/app/pages/users/user-detail/user-detail/user-detail.component.scss
@@ -29,51 +29,6 @@
}
.side {
- .details {
- margin-bottom: 1rem;
- border-bottom: 1px solid #81868a40;
- padding-bottom: 1rem;
-
- .row {
- display: flex;
- margin-bottom: .5rem;
- align-items: center;
-
- .first {
- flex: 1;
- font-size: 13px;
- margin-right: .5rem;
- white-space: nowrap;
- }
-
- .second {
- font-size: .13px;
- text-overflow: ellipsis;
- overflow: hidden;
- margin-left: 1rem;
- text-align: right;
- }
-
- .state {
- border-radius: 50vw;
- padding: 2px .5rem;
- letter-spacing: .05em;
- font-size: 11px;
- background-color: #8795a120;
-
- &.active {
- background-color: #85d996;
- color: black;
- }
-
- &.inactive {
- background-color: #ff8981;
- color: black;
- }
- }
- }
- }
-
.changes {
flex: 1;
min-height: 0;
diff --git a/console/src/assets/i18n/de.json b/console/src/assets/i18n/de.json
index be36063fb6..4feeac9ab1 100644
--- a/console/src/assets/i18n/de.json
+++ b/console/src/assets/i18n/de.json
@@ -95,6 +95,7 @@
"SEND":"Senden",
"NEWVALUE":"Neuer Wert"
},
+ "RESOURCEID":"Ressourcen-ID",
"TABLE": {
"NOROWS":"Keine Daten"
},
diff --git a/console/src/assets/i18n/en.json b/console/src/assets/i18n/en.json
index 1c2446e98e..9fa4a9e2cc 100644
--- a/console/src/assets/i18n/en.json
+++ b/console/src/assets/i18n/en.json
@@ -95,6 +95,7 @@
"SEND":"Send",
"NEWVALUE":"New Value"
},
+ "RESOURCEID":"Resource Id",
"TABLE": {
"NOROWS":"No data"
},
diff --git a/console/src/component-themes.scss b/console/src/component-themes.scss
index 3f8d7983fd..40f16d4354 100644
--- a/console/src/component-themes.scss
+++ b/console/src/component-themes.scss
@@ -6,6 +6,7 @@
@import './styles/sidenav-list';
@import 'src/app/modules/avatar/avatar.component';
@import 'src/app/modules/changes/changes.component';
+@import 'src/app/modules/info-section/info-section.component';
@import 'src/app/modules/detail-layout/detail-layout.component';
@import 'src/app/pages/projects/owned-projects/owned-project-detail/application-grid/application-grid.component';
@import 'src/app/pages/users/user-detail/auth-user-detail/theme-setting/theme-card';
@@ -13,6 +14,7 @@
@import 'src/app/app.component.scss';
@import 'src/app/modules/form-field/form-field.component.scss';
@import 'src/app/modules/label/label.component.scss';
+@import 'src/app/modules/meta-layout/meta.scss';
@mixin component-themes($theme) {
@include avatar-theme($theme);
@@ -30,4 +32,6 @@
@include cnsl-label-theme($theme);
@include cnsl-error-theme($theme);
@include link-theme($theme);
+ @include meta-theme($theme);
+ @include info-section-theme($theme);
}
diff --git a/console/src/styles/error.scss b/console/src/styles/error.scss
index 02ff8722c7..2f3eca2cf3 100644
--- a/console/src/styles/error.scss
+++ b/console/src/styles/error.scss
@@ -11,9 +11,5 @@
font-size: 12px;
color: $warn-color;
margin-bottom: 5px;
-
- // &.block {
- // display: block;
- // }
}
}
diff --git a/console/src/styles/input.scss b/console/src/styles/input.scss
index 886e23ee8a..27992d3db3 100644
--- a/console/src/styles/input.scss
+++ b/console/src/styles/input.scss
@@ -54,7 +54,11 @@
&[disabled] {
border-color: if($is-dark-theme,#36373850,#cccdce50);
- cursor: not-allowed;
+ color: if($is-dark-theme, #ffffff80 ,#00000061);
+
+ &::placeholder {
+ color: if($is-dark-theme, #ffffff80 ,#00000061);
+ }
}
}
diff --git a/go.mod b/go.mod
index 0d094e96ea..e17500909b 100644
--- a/go.mod
+++ b/go.mod
@@ -15,9 +15,9 @@ require (
github.com/allegro/bigcache v1.2.1
github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc
github.com/caos/logging v0.0.2
- github.com/caos/oidc v0.12.5
+ github.com/caos/oidc v0.13.0
github.com/cockroachdb/cockroach-go/v2 v2.0.8
- github.com/envoyproxy/protoc-gen-validate v0.1.0
+ github.com/envoyproxy/protoc-gen-validate v0.4.1
github.com/ghodss/yaml v1.0.0
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
github.com/golang/mock v1.4.4
diff --git a/go.sum b/go.sum
index 7d586eff55..bbed0c03a4 100644
--- a/go.sum
+++ b/go.sum
@@ -82,8 +82,8 @@ github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8
github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
github.com/caos/logging v0.0.2 h1:ebg5C/HN0ludYR+WkvnFjwSExF4wvyiWPyWGcKMYsoo=
github.com/caos/logging v0.0.2/go.mod h1:9LKiDE2ChuGv6CHYif/kiugrfEXu9AwDiFWSreX7Wp0=
-github.com/caos/oidc v0.12.5 h1:BN3iu6ZokOIbuoOkLRX/tAZPAfVoTXIkYflKmV156U8=
-github.com/caos/oidc v0.12.5/go.mod h1:dLvfYUiAt9ORfl77L/KkcWuR/N0ll8Ry1nD2ERsamDY=
+github.com/caos/oidc v0.13.0 h1:l1IKrqV3HaS2TfseuC5kOR3DdEPfY9AbJXuZ7dsIEQo=
+github.com/caos/oidc v0.13.0/go.mod h1:dLvfYUiAt9ORfl77L/KkcWuR/N0ll8Ry1nD2ERsamDY=
github.com/census-instrumentation/opencensus-proto v0.2.1 h1:glEXhBS5PSLLv4IXzLA5yPRVX4bilULVyxxbrfOtDAk=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
@@ -113,6 +113,8 @@ github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.m
github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
github.com/envoyproxy/protoc-gen-validate v0.1.0 h1:EQciDnbrYxy13PgWoY8AqoxGiPrpgBZ1R8UNe3ddc+A=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/envoyproxy/protoc-gen-validate v0.4.1 h1:7dLaJvASGRD7X49jSCSXXHwKPm0ZN9r9kJD+p+vS7dM=
+github.com/envoyproxy/protoc-gen-validate v0.4.1/go.mod h1:E+IEazqdaWv3FrnGtZIu3b9fPFMK8AzeTTrk9SfVwWs=
github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5 h1:Yzb9+7DPaBjB8zlTR87/ElzFsnQfuHnVUVqpZZIcV5Y=
github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5/go.mod h1:a2zkGnVExMxdzMo3M0Hi/3sEU+cWnZpSni0O6/Yb/P0=
github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ=
@@ -220,6 +222,10 @@ github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ
github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw=
github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
+github.com/iancoleman/strcase v0.0.0-20180726023541-3605ed457bf7 h1:ux/56T2xqZO/3cP1I2F86qpeoYPCOzk+KF/UH/Ar+lk=
+github.com/iancoleman/strcase v0.0.0-20180726023541-3605ed457bf7/go.mod h1:SK73tn/9oHe+/Y0h39VT4UCxmurVJkR5NA7kMEAOgSE=
+github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6 h1:UDMh68UUwekSh5iP2OMhRRZJiiBccgV7axzUG8vi56c=
+github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/imdario/mergo v0.3.11 h1:3tnifQM4i+fbajXKBHXWEH+KvNHqojZ778UH75j3bGA=
@@ -278,6 +284,8 @@ github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQL
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
+github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515 h1:T+h1c/A9Gawja4Y9mFVWj2vyii2bbUNDw3kt9VxK2EY=
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
@@ -292,6 +300,7 @@ github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
github.com/lib/pq v1.4.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
github.com/lib/pq v1.8.0 h1:9xohqzkUwzR4Ga4ivdTcawVS89YSDVxXMa3xJX3cGzg=
github.com/lib/pq v1.8.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/lyft/protoc-gen-star v0.5.1/go.mod h1:9toiA3cC7z5uVbODF7kEQ91Xn7XNFkVUl+SrEe+ZORU=
github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
github.com/mattn/go-colorable v0.1.8 h1:c1ghPdyEDarC70ftn0y+A/Ee++9zz8ljHG1b13eJ0s8=
@@ -320,6 +329,7 @@ github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFSt
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pquerna/otp v1.2.0 h1:/A3+Jn+cagqayeR3iHs/L62m5ue7710D35zl1zJ1kok=
@@ -343,6 +353,10 @@ github.com/sirupsen/logrus v1.7.0 h1:ShrD1U9pZB12TX0cVy0DtePoCH97K8EtX+mg7ZARUtM
github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
github.com/sony/sonyflake v1.0.0 h1:MpU6Ro7tfXwgn2l5eluf9xQvQJDROTBImNCfRXn/YeM=
github.com/sony/sonyflake v1.0.0/go.mod h1:Jv3cfhf/UFtolOTTRd3q4Nl6ENqM+KfyZ5PseKfZGF4=
+github.com/spf13/afero v1.3.3 h1:p5gZEKLYoL7wh8VrJesMaYeNxdEd1v3cb4irOk9zB54=
+github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4=
+github.com/spf13/afero v1.3.4 h1:8q6vk3hthlpb2SouZcnBVKboxWQWMDNF38bwholZrJc=
+github.com/spf13/afero v1.3.4/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
@@ -575,6 +589,7 @@ golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWc
golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200522201501-cb1345f3a375/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200701151220-7cb253f4c4f8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200713011307-fd294ab11aed/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
diff --git a/internal/api/grpc/management/application_converter.go b/internal/api/grpc/management/application_converter.go
index 07c4542107..e3ebafa396 100644
--- a/internal/api/grpc/management/application_converter.go
+++ b/internal/api/grpc/management/application_converter.go
@@ -6,6 +6,7 @@ import (
"github.com/caos/logging"
"github.com/golang/protobuf/ptypes"
"google.golang.org/protobuf/encoding/protojson"
+ "google.golang.org/protobuf/types/known/durationpb"
"google.golang.org/protobuf/types/known/structpb"
"github.com/caos/zitadel/internal/eventstore/models"
@@ -59,6 +60,8 @@ func oidcConfigFromModel(config *proj_model.OIDCConfig) *management.OIDCConfig {
AccessTokenType: oidcTokenTypeFromModel(config.AccessTokenType),
AccessTokenRoleAssertion: config.AccessTokenRoleAssertion,
IdTokenRoleAssertion: config.IDTokenRoleAssertion,
+ IdTokenUserinfoAssertion: config.IDTokenUserinfoAssertion,
+ ClockSkew: durationpb.New(config.ClockSkew),
}
}
@@ -78,6 +81,8 @@ func oidcConfigFromApplicationViewModel(app *proj_model.ApplicationView) *manage
AccessTokenType: oidcTokenTypeFromModel(app.AccessTokenType),
AccessTokenRoleAssertion: app.AccessTokenRoleAssertion,
IdTokenRoleAssertion: app.IDTokenRoleAssertion,
+ IdTokenUserinfoAssertion: app.IDTokenUserinfoAssertion,
+ ClockSkew: durationpb.New(app.ClockSkew),
}
}
@@ -109,6 +114,8 @@ func oidcAppCreateToModel(app *management.OIDCApplicationCreate) *proj_model.App
AccessTokenType: oidcTokenTypeToModel(app.AccessTokenType),
AccessTokenRoleAssertion: app.AccessTokenRoleAssertion,
IDTokenRoleAssertion: app.IdTokenRoleAssertion,
+ IDTokenUserinfoAssertion: app.IdTokenUserinfoAssertion,
+ ClockSkew: app.ClockSkew.AsDuration(),
},
}
}
@@ -139,6 +146,8 @@ func oidcConfigUpdateToModel(app *management.OIDCConfigUpdate) *proj_model.OIDCC
AccessTokenType: oidcTokenTypeToModel(app.AccessTokenType),
AccessTokenRoleAssertion: app.AccessTokenRoleAssertion,
IDTokenRoleAssertion: app.IdTokenRoleAssertion,
+ IDTokenUserinfoAssertion: app.IdTokenUserinfoAssertion,
+ ClockSkew: app.ClockSkew.AsDuration(),
}
}
diff --git a/internal/api/oidc/client_converter.go b/internal/api/oidc/client_converter.go
index 94eac96f76..a1d9153826 100644
--- a/internal/api/oidc/client_converter.go
+++ b/internal/api/oidc/client_converter.go
@@ -110,6 +110,14 @@ func (c *Client) IsScopeAllowed(scope string) bool {
return false
}
+func (c *Client) ClockSkew() time.Duration {
+ return c.ApplicationView.ClockSkew
+}
+
+func (c *Client) IDTokenUserinfoClaimsAssertion() bool {
+ return c.ApplicationView.IDTokenUserinfoAssertion
+}
+
func accessTokenTypeToOIDC(tokenType model.OIDCTokenType) op.AccessTokenType {
switch tokenType {
case model.OIDCTokenTypeBearer:
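Review bot: The two new exported methods ClockSkew and IDTokenUserinfoClaimsAssertion carry no doc comments, and their names do not say what the values are used for; they presumably satisfy the op.Client interface of caos/oidc, which the go.mod bump to v0.13.0 in this commit brings in. A comment should record the security meaning so a later reader does not treat them as plain getters, e.g. `// ClockSkew is the tolerance the OP applies to time-based token claims for this client; the management API caps it at 5s.` and `// IDTokenUserinfoClaimsAssertion reports whether userinfo claims are embedded in the ID token issued to this client.`. Since an ID token with embedded userinfo claims typically ends up in the browser, the second comment is also the place to note that this widens what profile data leaves the userinfo endpoint.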
diff --git a/internal/project/model/application_view.go b/internal/project/model/application_view.go
index e6c5d334c3..97fcb8a751 100644
--- a/internal/project/model/application_view.go
+++ b/internal/project/model/application_view.go
@@ -32,6 +32,8 @@ type ApplicationView struct {
AccessTokenType OIDCTokenType
IDTokenRoleAssertion bool
AccessTokenRoleAssertion bool
+ IDTokenUserinfoAssertion bool
+ ClockSkew time.Duration
Sequence uint64
}
diff --git a/internal/project/model/oidc_config.go b/internal/project/model/oidc_config.go
index 1f267c8f60..8c04b9fba5 100644
--- a/internal/project/model/oidc_config.go
+++ b/internal/project/model/oidc_config.go
@@ -3,6 +3,7 @@ package model
import (
"fmt"
"strings"
+ "time"
"github.com/caos/logging"
@@ -37,6 +38,8 @@ type OIDCConfig struct {
AccessTokenType OIDCTokenType
AccessTokenRoleAssertion bool
IDTokenRoleAssertion bool
+ IDTokenUserinfoAssertion bool
+ ClockSkew time.Duration
}
type OIDCVersion int32
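Review bot: ClockSkew enters the domain OIDCConfig here without any bound, while the 0–5 s limit exists only as a protoc-gen-validate rule on the request messages in management.proto; any path that builds an OIDCConfig without passing through that interceptor (another API surface, a future command path, a replayed or hand-crafted event) can therefore set an arbitrary skew, which presumably loosens the tolerance the OIDC library applies to token time claims. Keeping the limit with the data is cheap: a check such as `c.ClockSkew >= 0 && c.ClockSkew <= 5*time.Second` in the config's validation, next to wherever FillCompliance (called on this type in the eventsourcing converter) lives — that code is outside the hunk. The eventsourcing and view model hunks in this commit only copy the field and need no change.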
diff --git a/internal/project/repository/eventsourcing/model/oidc_config.go b/internal/project/repository/eventsourcing/model/oidc_config.go
index 29360be1d5..c489742936 100644
--- a/internal/project/repository/eventsourcing/model/oidc_config.go
+++ b/internal/project/repository/eventsourcing/model/oidc_config.go
@@ -3,6 +3,7 @@ package model
import (
"encoding/json"
"reflect"
+ "time"
"github.com/caos/logging"
@@ -27,6 +28,8 @@ type OIDCConfig struct {
AccessTokenType int32 `json:"accessTokenType,omitempty"`
AccessTokenRoleAssertion bool `json:"accessTokenRoleAssertion,omitempty"`
IDTokenRoleAssertion bool `json:"idTokenRoleAssertion,omitempty"`
+ IDTokenUserinfoAssertion bool `json:"idTokenUserinfoAssertion,omitempty"`
+ ClockSkew time.Duration `json:"clockSkew,omitempty"`
}
func (c *OIDCConfig) Changes(changed *OIDCConfig) map[string]interface{} {
@@ -65,6 +68,12 @@ func (c *OIDCConfig) Changes(changed *OIDCConfig) map[string]interface{} {
if c.IDTokenRoleAssertion != changed.IDTokenRoleAssertion {
changes["idTokenRoleAssertion"] = changed.IDTokenRoleAssertion
}
+ if c.IDTokenUserinfoAssertion != changed.IDTokenUserinfoAssertion {
+ changes["idTokenUserinfoAssertion"] = changed.IDTokenUserinfoAssertion
+ }
+ if c.ClockSkew != changed.ClockSkew {
+ changes["clockSkew"] = changed.ClockSkew
+ }
return changes
}
@@ -93,6 +102,8 @@ func OIDCConfigFromModel(config *model.OIDCConfig) *OIDCConfig {
AccessTokenType: int32(config.AccessTokenType),
AccessTokenRoleAssertion: config.AccessTokenRoleAssertion,
IDTokenRoleAssertion: config.IDTokenRoleAssertion,
+ IDTokenUserinfoAssertion: config.IDTokenUserinfoAssertion,
+ ClockSkew: config.ClockSkew,
}
}
@@ -121,6 +132,8 @@ func OIDCConfigToModel(config *OIDCConfig) *model.OIDCConfig {
AccessTokenType: model.OIDCTokenType(config.AccessTokenType),
AccessTokenRoleAssertion: config.AccessTokenRoleAssertion,
IDTokenRoleAssertion: config.IDTokenRoleAssertion,
+ IDTokenUserinfoAssertion: config.IDTokenUserinfoAssertion,
+ ClockSkew: config.ClockSkew,
}
oidcConfig.FillCompliance()
return oidcConfig
diff --git a/internal/project/repository/view/model/application.go b/internal/project/repository/view/model/application.go
index aa38c325fd..9cfa7d2684 100644
--- a/internal/project/repository/view/model/application.go
+++ b/internal/project/repository/view/model/application.go
@@ -48,6 +48,8 @@ type ApplicationView struct {
AccessTokenType int32 `json:"accessTokenType" gorm:"column:access_token_type"`
AccessTokenRoleAssertion bool `json:"accessTokenRoleAssertion" gorm:"column:access_token_role_assertion"`
IDTokenRoleAssertion bool `json:"idTokenRoleAssertion" gorm:"column:id_token_role_assertion"`
+ IDTokenUserinfoAssertion bool `json:"idTokenUserinfoAssertion" gorm:"column:id_token_userinfo_assertion"`
+ ClockSkew time.Duration `json:"clockSkew" gorm:"column:clock_skew"`
Sequence uint64 `json:"-" gorm:"sequence"`
}
@@ -80,6 +82,8 @@ func ApplicationViewToModel(app *ApplicationView) *model.ApplicationView {
AccessTokenType: model.OIDCTokenType(app.AccessTokenType),
AccessTokenRoleAssertion: app.AccessTokenRoleAssertion,
IDTokenRoleAssertion: app.IDTokenRoleAssertion,
+ IDTokenUserinfoAssertion: app.IDTokenUserinfoAssertion,
+ ClockSkew: app.ClockSkew,
}
}
diff --git a/migrations/cockroach/V1.23__application_view.sql b/migrations/cockroach/V1.23__application_view.sql
new file mode 100644
index 0000000000..47d87e8f80
--- /dev/null
+++ b/migrations/cockroach/V1.23__application_view.sql
@@ -0,0 +1,7 @@
+ALTER TABLE management.applications ADD COLUMN id_token_userinfo_assertion BOOLEAN;
+ALTER TABLE auth.applications ADD COLUMN id_token_userinfo_assertion BOOLEAN;
+ALTER TABLE authz.applications ADD COLUMN id_token_userinfo_assertion BOOLEAN;
+
+ALTER TABLE management.applications ADD COLUMN clock_skew BIGINT;
+ALTER TABLE auth.applications ADD COLUMN clock_skew BIGINT;
+ALTER TABLE authz.applications ADD COLUMN clock_skew BIGINT;
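Review bot: The six new columns are nullable with no default, so every pre-existing row in management.applications, auth.applications and authz.applications reads back as NULL, and the Go side relies on the ORM mapping NULL to false/0 for the new `IDTokenUserinfoAssertion` and `ClockSkew` view fields. Those are the fail-closed values, but it is an implicit dependency on scan behaviour; stating it in the schema removes the guesswork: `ALTER TABLE management.applications ADD COLUMN id_token_userinfo_assertion BOOLEAN NOT NULL DEFAULT false;` and `ALTER TABLE management.applications ADD COLUMN clock_skew BIGINT NOT NULL DEFAULT 0;`, and likewise for the auth and authz schemas. clock_skew as BIGINT matches the int64 nanoseconds of time.Duration on the view model, so no unit conversion is needed, but a one-line `-- clock_skew: time.Duration in nanoseconds` in the migration would save the next reader from checking.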
diff --git a/pkg/grpc/management/proto/management.proto b/pkg/grpc/management/proto/management.proto
index 52f76c0611..d4184d9eb4 100644
--- a/pkg/grpc/management/proto/management.proto
+++ b/pkg/grpc/management/proto/management.proto
@@ -4,6 +4,7 @@ import "google/api/annotations.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/struct.proto";
import "google/protobuf/timestamp.proto";
+import "google/protobuf/duration.proto";
import "protoc-gen-swagger/options/annotations.proto";
import "validate/validate.proto";
import "authoption/options.proto";
@@ -69,7 +70,7 @@ service ManagementService {
};
}
-rpc GetUserByID(UserID) returns (UserView) {
+ rpc GetUserByID(UserID) returns (UserView) {
option (google.api.http) = {
get: "/users/{id}"
};
@@ -1198,93 +1199,93 @@ rpc GetUserByID(UserID) returns (UserView) {
};
option (caos.zitadel.utils.v1.auth_option) = {
- permission: "user.grant.delete"
+ permission: "user.grant.delete"
};
}
rpc IdpByID(IdpID) returns (IdpView) {
option (google.api.http) = {
- get: "/orgs/me/idps/{id}"
+ get: "/orgs/me/idps/{id}"
};
option (caos.zitadel.utils.v1.auth_option) = {
- permission: "org.idp.read"
+ permission: "org.idp.read"
};
}
rpc CreateOidcIdp(OidcIdpConfigCreate) returns (Idp) {
option (google.api.http) = {
- post: "/orgs/me/idps/oidc"
- body: "*"
+ post: "/orgs/me/idps/oidc"
+ body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
- permission: "org.idp.write"
+ permission: "org.idp.write"
};
}
rpc UpdateIdpConfig(IdpUpdate) returns (Idp) {
option (google.api.http) = {
- put: "/orgs/me/idps/{id}"
- body: "*"
+ put: "/orgs/me/idps/{id}"
+ body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
- permission: "org.idp.write"
+ permission: "org.idp.write"
};
}
rpc DeactivateIdpConfig(IdpID) returns (Idp) {
option (google.api.http) = {
- put: "/orgs/me/idps/{id}/_deactivate"
- body: "*"
+ put: "/orgs/me/idps/{id}/_deactivate"
+ body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
- permission: "org.idp.write"
+ permission: "org.idp.write"
};
}
rpc ReactivateIdpConfig(IdpID) returns (Idp) {
option (google.api.http) = {
- put: "/orgs/me/idps/{id}/_reactivate"
- body: "*"
+ put: "/orgs/me/idps/{id}/_reactivate"
+ body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
- permission: "org.idp.write"
+ permission: "org.idp.write"
};
}
rpc RemoveIdpConfig(IdpID) returns (google.protobuf.Empty) {
option (google.api.http) = {
- delete: "/orgs/me/idps/{id}"
+ delete: "/orgs/me/idps/{id}"
};
option (caos.zitadel.utils.v1.auth_option) = {
- permission: "org.idp.write"
+ permission: "org.idp.write"
};
}
rpc UpdateOidcIdpConfig(OidcIdpConfigUpdate) returns (OidcIdpConfig) {
option (google.api.http) = {
- put: "/orgs/me/idps/{idp_id}/oidcconfig"
- body: "*"
+ put: "/orgs/me/idps/{idp_id}/oidcconfig"
+ body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
- permission: "org.idp.write"
+ permission: "org.idp.write"
};
}
rpc SearchIdps(IdpSearchRequest) returns (IdpSearchResponse) {
option (google.api.http) = {
- post: "/orgs/me/idps/_search"
- body: "*"
+ post: "/orgs/me/idps/_search"
+ body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
- permission: "org.idp.read"
+ permission: "org.idp.read"
};
}
@@ -1374,64 +1375,64 @@ rpc GetUserByID(UserID) returns (UserView) {
rpc GetLoginPolicySecondFactors(google.protobuf.Empty) returns (SecondFactorsResult) {
option (google.api.http) = {
- get: "/orgs/me/policies/login/secondfactors/_search"
- };
+ get: "/orgs/me/policies/login/secondfactors/_search"
+ };
option (caos.zitadel.utils.v1.auth_option) = {
- permission: "iam.policy.read"
- };
+ permission: "iam.policy.read"
+ };
}
rpc AddSecondFactorToLoginPolicy(SecondFactor) returns (SecondFactor) {
option (google.api.http) = {
- post: "/orgs/me/policies/login/secondfactors"
- body: "*"
- };
+ post: "/orgs/me/policies/login/secondfactors"
+ body: "*"
+ };
option (caos.zitadel.utils.v1.auth_option) = {
- permission: "iam.policy.write"
- };
+ permission: "iam.policy.write"
+ };
}
rpc RemoveSecondFactorFromLoginPolicy(SecondFactor) returns (google.protobuf.Empty) {
option (google.api.http) = {
- delete: "/orgs/me/policies/login/secondfactors/{second_factor}"
- };
+ delete: "/orgs/me/policies/login/secondfactors/{second_factor}"
+ };
option (caos.zitadel.utils.v1.auth_option) = {
- permission: "iam.policy.write"
- };
+ permission: "iam.policy.write"
+ };
}
rpc GetLoginPolicyMultiFactors(google.protobuf.Empty) returns (MultiFactorsResult) {
option (google.api.http) = {
- get: "/orgs/me/policies/login/multifactors/_search"
- };
+ get: "/orgs/me/policies/login/multifactors/_search"
+ };
option (caos.zitadel.utils.v1.auth_option) = {
- permission: "iam.policy.read"
- };
+ permission: "iam.policy.read"
+ };
}
rpc AddMultiFactorToLoginPolicy(MultiFactor) returns (MultiFactor) {
option (google.api.http) = {
- post: "/orgs/me/policies/login/multifactors"
- body: "*"
- };
+ post: "/orgs/me/policies/login/multifactors"
+ body: "*"
+ };
option (caos.zitadel.utils.v1.auth_option) = {
- permission: "iam.policy.write"
- };
+ permission: "iam.policy.write"
+ };
}
rpc RemoveMultiFactorFromLoginPolicy(MultiFactor) returns (google.protobuf.Empty) {
option (google.api.http) = {
- delete: "/orgs/me/policies/login/multifactors/{multi_factor}"
- };
+ delete: "/orgs/me/policies/login/multifactors/{multi_factor}"
+ };
option (caos.zitadel.utils.v1.auth_option) = {
- permission: "iam.policy.write"
- };
+ permission: "iam.policy.write"
+ };
}
rpc GetPasswordComplexityPolicy(google.protobuf.Empty) returns (PasswordComplexityPolicyView) {
@@ -2000,7 +2001,7 @@ message UserAddress {
google.protobuf.Timestamp change_date = 9;
}
-message UserAddressView {
+message UserAddressView {
string id = 1;
string country = 2;
string locality = 3;
@@ -2510,6 +2511,8 @@ message OIDCConfig {
OIDCTokenType access_token_type = 13;
bool access_token_role_assertion = 14;
bool id_token_role_assertion = 15;
+ bool id_token_userinfo_assertion = 16;
+ google.protobuf.Duration clock_skew = 17;
}
message OIDCApplicationCreate {
@@ -2526,6 +2529,8 @@ message OIDCApplicationCreate {
OIDCTokenType access_token_type = 11;
bool access_token_role_assertion = 12;
bool id_token_role_assertion = 13;
+ bool id_token_userinfo_assertion = 14;
+ google.protobuf.Duration clock_skew = 15 [(validate.rules).duration = {gte: {}, lte: {seconds: 5}}];
}
enum OIDCVersion {
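Review bot: The validate rule on clock_skew (0 to 5 s) is the only place the limit is stated, and the field has no comment explaining why the cap exists or what the skew does; the OIDCConfigUpdate hunk below has the same gap. A field comment keeps the rationale next to the rule: `// clock_skew is the tolerance applied to time-based claims of tokens issued to this application; capped at 5s so it cannot meaningfully extend a token's validity window.`. Note that validate rules only take effect if the server installs the protoc-gen-validate interceptor, which is not visible in this diff, so the cap should not be assumed to be enforced elsewhere without checking.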
@@ -2533,8 +2538,8 @@ enum OIDCVersion {
}
enum OIDCTokenType {
- OIDCTokenType_Bearer = 0;
- OIDCTokenType_JWT = 1;
+ OIDCTokenType_Bearer = 0;
+ OIDCTokenType_JWT = 1;
}
message OIDCConfigUpdate {
@@ -2550,6 +2555,8 @@ message OIDCConfigUpdate {
OIDCTokenType access_token_type = 10;
bool access_token_role_assertion = 11;
bool id_token_role_assertion = 12;
+ bool id_token_userinfo_assertion = 13;
+ google.protobuf.Duration clock_skew = 14 [(validate.rules).duration = {gte: {}, lte: {seconds: 5}}];
}
enum OIDCResponseType {
@@ -2931,35 +2938,35 @@ enum MemberType {
}
message IdpID {
- string id = 1 [(validate.rules).string = {min_len: 1}];
+ string id = 1 [(validate.rules).string = {min_len: 1}];
}
message Idp {
- string id = 1;
- IdpState state = 2;
- google.protobuf.Timestamp creation_date = 3;
- google.protobuf.Timestamp change_date = 4;
- string name = 5;
- IdpStylingType styling_type = 6;
- oneof idp_config {
- OidcIdpConfig oidc_config = 7;
- }
- uint64 sequence = 8;
+ string id = 1;
+ IdpState state = 2;
+ google.protobuf.Timestamp creation_date = 3;
+ google.protobuf.Timestamp change_date = 4;
+ string name = 5;
+ IdpStylingType styling_type = 6;
+ oneof idp_config {
+ OidcIdpConfig oidc_config = 7;
+ }
+ uint64 sequence = 8;
}
message IdpUpdate {
- string id = 1 [(validate.rules).string = {min_len: 1}];
- string name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
- IdpStylingType styling_type = 3;
+ string id = 1 [(validate.rules).string = {min_len: 1}];
+ string name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
+ IdpStylingType styling_type = 3;
}
message OidcIdpConfig {
- string client_id = 1;
- string client_secret = 2;
- string issuer = 3;
- repeated string scopes = 4;
- OIDCMappingField idp_display_name_mapping = 5;
- OIDCMappingField username_mapping = 6;
+ string client_id = 1;
+ string client_secret = 2;
+ string issuer = 3;
+ repeated string scopes = 4;
+ OIDCMappingField idp_display_name_mapping = 5;
+ OIDCMappingField username_mapping = 6;
}
enum IdpStylingType {
@@ -2968,9 +2975,9 @@ enum IdpStylingType {
}
enum IdpState {
- IDPCONFIGSTATE_UNSPECIFIED = 0;
- IDPCONFIGSTATE_ACTIVE = 1;
- IDPCONFIGSTATE_INACTIVE = 2;
+ IDPCONFIGSTATE_UNSPECIFIED = 0;
+ IDPCONFIGSTATE_ACTIVE = 1;
+ IDPCONFIGSTATE_INACTIVE = 2;
}
enum OIDCMappingField {
@@ -2980,83 +2987,83 @@ enum OIDCMappingField {
}
message OidcIdpConfigCreate {
- string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
- IdpStylingType styling_type = 2;
- string client_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
- string client_secret = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
- string issuer = 5 [(validate.rules).string = {min_len: 1, max_len: 200}];
- repeated string scopes = 6;
- OIDCMappingField idp_display_name_mapping = 7;
- OIDCMappingField username_mapping = 8;
+ string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
+ IdpStylingType styling_type = 2;
+ string client_id = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
+ string client_secret = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
+ string issuer = 5 [(validate.rules).string = {min_len: 1, max_len: 200}];
+ repeated string scopes = 6;
+ OIDCMappingField idp_display_name_mapping = 7;
+ OIDCMappingField username_mapping = 8;
}
message OidcIdpConfigUpdate {
- string idp_id = 1 [(validate.rules).string = {min_len: 1}];
- string client_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
- string client_secret = 3;
- string issuer = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
- repeated string scopes = 5;
- OIDCMappingField idp_display_name_mapping = 6;
- OIDCMappingField username_mapping = 7;
+ string idp_id = 1 [(validate.rules).string = {min_len: 1}];
+ string client_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
+ string client_secret = 3;
+ string issuer = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
+ repeated string scopes = 5;
+ OIDCMappingField idp_display_name_mapping = 6;
+ OIDCMappingField username_mapping = 7;
}
message IdpSearchResponse {
- uint64 offset = 1;
- uint64 limit = 2;
- uint64 total_result = 3;
- repeated IdpView result = 4;
- uint64 processed_sequence = 5;
- google.protobuf.Timestamp view_timestamp = 6;
+ uint64 offset = 1;
+ uint64 limit = 2;
+ uint64 total_result = 3;
+ repeated IdpView result = 4;
+ uint64 processed_sequence = 5;
+ google.protobuf.Timestamp view_timestamp = 6;
}
message IdpView {
- string id = 1;
- IdpState state = 2;
- google.protobuf.Timestamp creation_date = 3;
- google.protobuf.Timestamp change_date = 4;
- string name = 5;
- IdpStylingType styling_type = 6;
- IdpProviderType provider_type = 7;
- oneof idp_config_view {
- OidcIdpConfigView oidc_config = 8;
- }
- uint64 sequence = 9;
+ string id = 1;
+ IdpState state = 2;
+ google.protobuf.Timestamp creation_date = 3;
+ google.protobuf.Timestamp change_date = 4;
+ string name = 5;
+ IdpStylingType styling_type = 6;
+ IdpProviderType provider_type = 7;
+ oneof idp_config_view {
+ OidcIdpConfigView oidc_config = 8;
+ }
+ uint64 sequence = 9;
}
message OidcIdpConfigView {
- string client_id = 1;
- string issuer = 2;
- repeated string scopes = 3;
- OIDCMappingField idp_display_name_mapping = 4;
- OIDCMappingField username_mapping = 5;
+ string client_id = 1;
+ string issuer = 2;
+ repeated string scopes = 3;
+ OIDCMappingField idp_display_name_mapping = 4;
+ OIDCMappingField username_mapping = 5;
}
message IdpSearchRequest {
- uint64 offset = 1;
- uint64 limit = 2;
- repeated IdpSearchQuery queries = 3;
+ uint64 offset = 1;
+ uint64 limit = 2;
+ repeated IdpSearchQuery queries = 3;
}
message IdpSearchQuery {
- IdpSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}];
- SearchMethod method = 2;
- string value = 3;
+ IdpSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}];
+ SearchMethod method = 2;
+ string value = 3;
}
enum IdpSearchKey {
- IDPSEARCHKEY_UNSPECIFIED = 0;
- IDPSEARCHKEY_IDP_CONFIG_ID = 1;
- IDPSEARCHKEY_NAME = 2;
- IDPSEARCHKEY_PROVIDER_TYPE = 3;
+ IDPSEARCHKEY_UNSPECIFIED = 0;
+ IDPSEARCHKEY_IDP_CONFIG_ID = 1;
+ IDPSEARCHKEY_NAME = 2;
+ IDPSEARCHKEY_PROVIDER_TYPE = 3;
}
message LoginPolicy {
- bool allow_username_password = 1;
- bool allow_register = 2;
- bool allow_external_idp = 3;
- google.protobuf.Timestamp creation_date = 4;
- google.protobuf.Timestamp change_date = 5;
- bool force_mfa = 6;
+ bool allow_username_password = 1;
+ bool allow_register = 2;
+ bool allow_external_idp = 3;
+ google.protobuf.Timestamp creation_date = 4;
+ google.protobuf.Timestamp change_date = 5;
+ bool force_mfa = 6;
}
message LoginPolicyRequest {
@@ -3067,7 +3074,7 @@ message LoginPolicyRequest {
}
message IdpProviderID {
- string idp_config_id = 1 [(validate.rules).string = {min_len: 1}];
+ string idp_config_id = 1 [(validate.rules).string = {min_len: 1}];
}
message IdpProviderAdd {
@@ -3081,25 +3088,25 @@ message IdpProvider {
}
message LoginPolicyView {
- bool default = 1;
- bool allow_username_password = 2;
- bool allow_register = 3;
- bool allow_external_idp = 4;
- google.protobuf.Timestamp creation_date = 5;
- google.protobuf.Timestamp change_date = 6;
- bool force_mfa = 7;
+ bool default = 1;
+ bool allow_username_password = 2;
+ bool allow_register = 3;
+ bool allow_external_idp = 4;
+ google.protobuf.Timestamp creation_date = 5;
+ google.protobuf.Timestamp change_date = 6;
+ bool force_mfa = 7;
}
message IdpProviderView {
- string idp_config_id = 1;
- string name = 2;
- IdpType type = 3;
+ string idp_config_id = 1;
+ string name = 2;
+ IdpType type = 3;
}
enum IdpType {
- IDPTYPE_UNSPECIFIED = 0;
- IDPTYPE_OIDC = 1;
- IDPTYPE_SAML = 2;
+ IDPTYPE_UNSPECIFIED = 0;
+ IDPTYPE_OIDC = 1;
+ IDPTYPE_SAML = 2;
}
enum IdpProviderType {
@@ -3109,17 +3116,17 @@ enum IdpProviderType {
}
message IdpProviderSearchResponse {
- uint64 offset = 1;
- uint64 limit = 2;
- uint64 total_result = 3;
- repeated IdpProviderView result = 4;
- uint64 processed_sequence = 5;
- google.protobuf.Timestamp view_timestamp = 6;
+ uint64 offset = 1;
+ uint64 limit = 2;
+ uint64 total_result = 3;
+ repeated IdpProviderView result = 4;
+ uint64 processed_sequence = 5;
+ google.protobuf.Timestamp view_timestamp = 6;
}
message IdpProviderSearchRequest {
- uint64 offset = 1;
- uint64 limit = 2;
+ uint64 offset = 1;
+ uint64 limit = 2;
}
//ProjectType is deprecated, remove as soon as console is ready