Open TakumiHaruta opened 1 year ago
fforootd
commented
1 year ago Do I understand you correct that you want to access ZITADELs API's with a PAT (Personal Access Static) which can be statically sent along as authorization header?
Our do you mean something different?
TakumiHaruta
commented
1 year ago @fforootd Is PAT a static token right? The PR I opened is for a dynamic access token generated with OIDC in the frontend.
We don't want to let frontend engineers directly use Zitadel APIs, and wrap them in our own backend, so this feature is necessary to directly pass access token from the header in the client request to Zitadel APIs in the backend.
But I think the request format is almost the same as PAT one because it just uses Authorization header
fforootd
commented
1 year ago Ah I see. What you need is to run an api that get called with a token from a user and you want to use that token on ZITADEL's api.
@livio-a can you get the PR into a review schedule?
Description
Want to have the option to use a static token when it creating a connection. The example is below;
Context
Currently there seems to be only JWTProfile to authorize access from a system client to Zitadel APIs, but we have another use case in the backend, which is to reuse an access token in
Authorizationheader from the frontend request to the Zitadel APIs.