zitadel/site/docs/integrate/01-openidoauth.en.md
Florian Forster ef3b7482cd
chore(documentation): documentation and manuals for ZITADEL (#710)
* chore: cleanup old docs folder

* remove docs path trigger

* wip docs structure

* chore: ignore site changes in ci

* add manuals route

* new structure

* structure

* Use correct title

* remove trigger for code scan for static site generator

* change names

* add lorem ipsum to test styling

* use h3 to deeplink

* add site to dependabot

* lint readme.md

* remove not needed file

* ignore site on pull request code scan

* add initial contrib

* Minor correction

* Added section Developer & Integration

* Changed link list layout, added labels, added translations

* Added missing <li> tags

* Added correct link to section Developer & Integration

* Fixing list style

* Overhauling description texts and translations

* outline

* teaser go

* outline

* wip

* rework

* wip

* wip

* wip

* hop

* wip

* first draft for "administrate" done

* init outline

* fix deploy step

* lint

* commit wip

* commit wip

* md lint

* Link

* fix: path to edit (#711)

* wip

* wip

* wip

* what are...

* use only features

* wip docs

* Update 00-user.en.md

* project

* uppercase en

* wip

* wip

* wip

* policies rework

* improve text

* correct typo

* update readme

* correct styling

* add link to docs guides

* make the linter happy

* rename

* wip

* move api to own file

* correct links and lint

* wip roles and integration

* add pkce

* reduce padding and margin

* wip scope and claims

* wip claim & scopes

* make the linter happy

* insert links where possible

* wip

* wip roles & providers

* Update README.md

* Update 00-user.en.md

* minor text improvements

* use master branch to deploy

* use proper ci file

* Apply suggestions from code review

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

Co-authored-by: Matthias M. Schneider <mati@matimax.info>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2020-10-16 14:13:02 +02:00


title: OpenID Connect & OAuth
description: ...

Client Types / Profiles

Single Page Application

If your client is a single page application (SPA), we recommend that you use the Authorization Code flow in combination with Proof Key for Code Exchange (PKCE).

This flow is well supported by most modern languages and frameworks and is the recommended default.

In the OIDC and OAuth world this client profile is called "user-agent-based application".

Server Side Application

In the OIDC and OAuth world this client profile is called "web application".

Mobile App / Native App

In the OIDC and OAuth world this client profile is called "native application".

How to consume authorizations in your application or service

With ZITADEL you can manage the roles a project supplies to your users in the form of authorizations. How project roles are supplied to the clients is configured on the project. By default ZITADEL asserts the claim urn:zitadel:iam:org:project:roles to the Userinfo Endpoint.

  • Assert the claim urn:zitadel:iam:org:project:roles to access_token
  • Assert the claim urn:zitadel:iam:org:project:roles to id_token

  "urn:zitadel:iam:org:project:roles": {
    "user": {
      "id1": "acme.zitadel.ch",
      "id2": "caos.ch"
    }
  }

For more details about how ZITADEL treats scopes and claims, see the documentation.
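
One way an application could consume the roles claim shown above, as an added example that is not part of the ZITADEL documentation or code. It assumes the claims come from the Userinfo Endpoint or an already validated token, and that the keys under each role (`id1`, `id2` in the sample) identify organisations and the values are their domains; `granted_roles` and `has_role` are hypothetical helper names.

```python
ROLES_CLAIM = "urn:zitadel:iam:org:project:roles"  # claim name taken from the page


def granted_roles(claims):
    """Return {role: {org_id: org_domain}}; empty when the claim is absent or malformed."""
    raw = claims.get(ROLES_CLAIM) if isinstance(claims, dict) else None
    if not isinstance(raw, dict):
        return {}
    roles = {}
    for role, orgs in raw.items():
        # Keep only well-formed entries: string role mapped to {string: string}.
        if isinstance(role, str) and isinstance(orgs, dict):
            clean = {k: v for k, v in orgs.items()
                     if isinstance(k, str) and isinstance(v, str)}
            if clean:
                roles[role] = clean
    return roles


def has_role(claims, role, org_id=None):
    """Fail closed: True only when the role is granted (for org_id, if one is given)."""
    orgs = granted_roles(claims).get(role)
    if not orgs:
        return False
    # Assumption: the inner keys are organisation identifiers.
    return True if org_id is None else org_id in orgs


# Constructed sample: a Userinfo response carrying the claim as shown on the page.
SAMPLE_USERINFO = {
    "sub": "constructed-subject",
    ROLES_CLAIM: {"user": {"id1": "acme.zitadel.ch", "id2": "caos.ch"}},
}

if __name__ == "__main__":
    print("user role:", has_role(SAMPLE_USERINFO, "user"))
    print("user role in id2:", has_role(SAMPLE_USERINFO, "user", "id2"))
    print("user role in id3:", has_role(SAMPLE_USERINFO, "user", "id3"))
    print("admin role:", has_role(SAMPLE_USERINFO, "admin"))
```

If the project is not configured to assert the claim to the token you are reading, the claim is simply missing there and the check denies access rather than raising.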