mirror of
https://github.com/zitadel/zitadel.git
synced 2025-02-28 21:17:23 +00:00
22d4c345be
* add assets, photoswipe html element to body * add single script, gallery for multiple items * update docs for image gallery * fix relative links * inject image script on mount * replace inline script * remove facebook, twitter, pinterest sharing * fix hover on share * fix start img aspect radio, reduce size * right align json script * right align go script * change script background
47 lines
1.7 KiB
Markdown
47 lines
1.7 KiB
Markdown
---
|
|
title: OpenID Connect & OAuth
|
|
description: ...
|
|
---
|
|
|
|
### Client Types / Profiles
|
|
|
|
#### Single Page Application
|
|
|
|
If your [client](administrate#Clients) is a single page application (SPA) we recommend that you use [Authorization Code](documentation#Authorization_Code) in combination with [Proof Key for Code Exchange](documentation#Proof_Key_for_Code_Exchange).
|
|
|
|
This flow has great support with most modern languages and frameworks and is the recommended default.
|
|
|
|
> In the OIDC and OAuth world this **client profile** is called "user-agent-based application"
|
|
|
|
#### Server Side Application
|
|
|
|
In the OIDC and OAuth world this client profile is called "web application"
|
|
|
|
#### Mobile App / Native App
|
|
|
|
In the OIDC and OAuth world this client profile is called "native application"
|
|
|
|
### How to consume authorizations in your application or service
|
|
|
|
---
|
|
|
|
With ZITADEL you can manage the [roles](administrate#Roles) a [project](administrate#Projects) supplies to your users in the form of authorizations.
|
|
On the [project](administrate#Projects) it can be configured how **project roles** are supplied to the [clients](administrate#Clients).
|
|
By default ZITADEL asserts the claim **urn:zitadel:iam:org:project:roles** to the [Userinfo Endpoint](documentation#userinfo_endpoint)
|
|
|
|
- Assert the claim **urn:zitadel:iam:org:project:roles** to **access_token**
|
|
- Assert the claim **urn:zitadel:iam:org:project:roles** to **id_token**
|
|
|
|
```JSON
|
|
"urn:zitadel:iam:org:project:roles": {
|
|
"user": {
|
|
"id1": "acme.zitadel.ch",
|
|
"id2": "caos.ch",
|
|
}
|
|
}
|
|
```
|
|
|
|
---
|
|
|
|
For more details about how **ZITADEL** treats [scopes](documentation#Scopes) and [claims](documentation#Claims) see the [documentations](documentation).
|