Closed fabiante closed 1 year ago
Hm, since we built this on top of zitadel/oidc you might want to have a look at this piece of code here which checks the token against the introspect endpoint https://github.com/zitadel/oidc/blob/main/example/client/api/api.go#L71C1-L72C1
Oh, seems like a valid approach and I was just following the wrong idea.
I have worked with Keycloak in the past and there I wrote all the securing-api stuff myself: Periodically fetch public keys from Keycloak, use them to validate token signature and add token claims to request attributes (as values to context.Context). Coming from that I probably assumed a similar (although less complex) experience with the mentioned guide.
Anyway, I think this issue is resolved then. Looking forward to giving Zitadel a try for the API I am working on. Would love to have a more suitable solution to managing multi-tenant b2b products which I currently just don't see with Keycloak :)
Thanks!
Let me assure you that we will improve this SDK in the next few weeks. It will become easier to interact with 😁
Thank you for trying ZITADEL in a B2B setting; you will enjoy it more than a KC for sure.
What did you put in your apikey.json to make it work?
Hi, I followed the guide on how to introspect tokens in Go.
While I got this to work with both auth code and PATs, I wonder: Given the guide's example code, is there even a way to get the introspected token?
I'd expect something like introspection.GetResult(ctx) or similar which allows to get the introspected token or similar.
How would I otherwise get access to the token's actual claims like the user's email, name, ... ?