zitadel/site/docs/integrate/01-openidoauth.en.md
Max Peintner 22d4c345be
docs: image gallery viewer (#905)
* add assets, photoswipe html element to body

* add single script, gallery for multiple items

* update docs for image gallery

* fix relative links

* inject image script on mount

* replace inline script

* remove facebook, twitter, pinterest sharing

* fix hover on share

* fix start img aspect ratio, reduce size

* right align json script

* right align go script

* change script background
2020-10-26 13:03:51 +01:00


title description
OpenID Connect & OAuth ...

Client Types / Profiles

Single Page Application

If your client is a single page application (SPA), we recommend that you use Authorization Code in combination with Proof Key for Code Exchange (PKCE).

This flow has great support with most modern languages and frameworks and is the recommended default.

In the OIDC and OAuth world this client profile is called "user-agent-based application".

Server Side Application

In the OIDC and OAuth world this client profile is called "web application".

Mobile App / Native App

In the OIDC and OAuth world this client profile is called "native application".

How to consume authorizations in your application or service


With ZITADEL you can manage the roles a project supplies to your users in the form of authorizations. How project roles are supplied to the clients can be configured on the project. By default, ZITADEL asserts the claim urn:zitadel:iam:org:project:roles to the Userinfo Endpoint.

  • Assert the claim urn:zitadel:iam:org:project:roles to access_token
  • Assert the claim urn:zitadel:iam:org:project:roles to id_token

  {
    "urn:zitadel:iam:org:project:roles": {
      "user": {
        "id1": "acme.zitadel.ch",
        "id2": "caos.ch"
      }
    }
  }

For more details about how ZITADEL treats scopes and claims, see the documentation.
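One way to consume the roles claim in a Go service, as an added example that is not part of the ZITADEL docs or code base. It assumes the claims JSON is a Userinfo response or a token payload whose signature has already been verified, and that the claim has the shape of the sample above (role, then organisation id mapped to domain); `HasRole`, `ErrNoRolesClaim` and the sample input are hypothetical names and constructed data.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Claim name as given on this page.
const rolesClaim = "urn:zitadel:iam:org:project:roles"

// ErrNoRolesClaim means the claim was not asserted to this token or response.
var ErrNoRolesClaim = errors.New("roles claim not present")

// HasRole reports whether the claims JSON grants role. If orgID is non-empty
// the grant must come from that organisation. Any parse problem denies access.
func HasRole(claimsJSON []byte, role, orgID string) (bool, error) {
	var claims map[string]json.RawMessage
	if err := json.Unmarshal(claimsJSON, &claims); err != nil {
		return false, fmt.Errorf("parse claims: %w", err)
	}
	raw, ok := claims[rolesClaim]
	if !ok {
		return false, ErrNoRolesClaim
	}
	// Shape assumed from the page's sample: role -> {org id -> org domain}.
	var roles map[string]map[string]string
	if err := json.Unmarshal(raw, &roles); err != nil {
		return false, fmt.Errorf("unexpected roles shape: %w", err)
	}
	grants, ok := roles[role]
	if !ok || len(grants) == 0 {
		return false, nil
	}
	if orgID == "" {
		return true, nil
	}
	_, ok = grants[orgID]
	return ok, nil
}

// Constructed sample input, modelled on the snippet above.
const sample = `{"sub":"constructed-user","urn:zitadel:iam:org:project:roles":{"user":{"id1":"acme.zitadel.ch","id2":"caos.ch"}}}`

func main() {
	for _, c := range [][2]string{{"user", "id1"}, {"user", "id9"}, {"admin", ""}} {
		ok, err := HasRole([]byte(sample), c[0], c[1])
		fmt.Printf("role=%q org=%q allowed=%v err=%v\n", c[0], c[1], ok, err)
	}
}
```

A missing claim is reported as an error rather than as "no roles", so a client that reads roles from a token the project is not configured to assert them to fails visibly instead of silently denying every user.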