zitadel / zitadel-go

ZITADEL Go - The official client library of ZITADEL for an easy integration into your Go project.
https://zitadel.com
Apache License 2.0

Allow usage of personal access tokens besides JWT Profile #115

Open fforootd opened 2 years ago

fforootd commented 2 years ago

I think we should also allow using PATs with this library and not only JWT profile.

fforootd commented 2 years ago

@hifabienne @livio-a FYI

MinDBreaK commented 1 year ago

Hello, is there any workaround while this is implemented?

fforootd commented 1 year ago

> Hello, is there any workaround while this is implemented?

No, not ATM, but out of curiosity, what is hindering you from using a keyfile (the JSON ZITADEL generates for you)?

MinDBreaK commented 1 year ago

I am using the access token of a user to retrieve the list of the organizations it has access to, but I need to introspect the token. I might have missed the API that allows the inspection of another token?

Probably the same as #186 I think, with the PR linked

fforootd commented 1 year ago

> I am using the access token of a user to retrieve the list of the organizations it has access to, but I need to introspect the token. I might have missed the API that allows the inspection of another token?
>
> Probably the same as #186 I think, with the PR linked

The introspection endpoint needs client authentication, in ZITADEL called an "api client", which will give you a JSON with a private key.

IMO it should be sufficient to set up the api client JSON (as key) and then to pass the token you have from the user to the SDK.

Somewhat like in this example https://github.com/zitadel/zitadel-go/blob/main/example/http/http.go

MinDBreaK commented 1 year ago

I need to execute requests against the Zitadel API with the context of the user. I'm using its PAT to do this. I went with the solution mentioned in https://github.com/zitadel/zitadel-go/issues/212#issuecomment-1694351909

This is fine by me, but I think maybe some methods could be renamed, as we are not exactly using "JWT" to access the API.

The keyfile could be used, but I would also like the ability to use env vars, for example (unrelated issue).