zitadel / zitadel-go

ZITADEL Go - The official client library of ZITADEL for an easy integration into your Go project.
https://zitadel.com
Apache License 2.0

Get access to introspection response #234

Closed fabiante closed 1 year ago

fabiante commented 1 year ago

Hi, I followed the guide on how to introspect tokens in Go.

While I got this to work with both auth code and PATs, I wonder: Given the guide's example code, is there even a way to get the introspected token?

```go
package main

import (
	"flag"
	"log"
	"net/http"
	"time"

	// zitadel-go v2 packages used by the introspection guide
	http_mw "github.com/zitadel/zitadel-go/v2/pkg/api/middleware/http"
	"github.com/zitadel/zitadel-go/v2/pkg/client/middleware"
)

// issuer is the URL of the ZITADEL instance, e.g. https://<instance>.zitadel.cloud
var issuer = flag.String("issuer", "", "issuer of your ZITADEL instance")

func main() {
	flag.Parse()

	// The interceptor authenticates to the introspection endpoint with the key file whose
	// path middleware.OSKeyPath() reads from the environment, then introspects every bearer token.
	introspection, err := http_mw.NewIntrospectionInterceptor(*issuer, middleware.OSKeyPath())
	if err != nil {
		log.Fatal(err)
	}

	router := http.NewServeMux()
	router.HandleFunc("/public", writeOK)
	// Only requests carrying an active token reach writeOK here.
	router.HandleFunc("/protected", introspection.HandlerFunc(writeOK))

	lis := "127.0.0.1:5001"
	log.Fatal(http.ListenAndServe(lis, router))
}

func writeOK(w http.ResponseWriter, r *http.Request) {
	w.Write([]byte("OK " + time.Now().String()))
}
```

I'd expect something like introspection.GetResult(ctx), or similar, which allows getting the introspected token.

How would I otherwise get access to the token's actual claims, like the user's email, name, ...?

fforootd commented 1 year ago

Hm, since we built this on top of zitadel/oidc you might want to have a look at this piece of code here, which checks the token against the introspect endpoint: https://github.com/zitadel/oidc/blob/main/example/client/api/api.go#L71C1-L72C1

fabiante commented 1 year ago

Oh, seems like a valid approach and I was just following the wrong idea.

I have worked with Keycloak in the past and there I wrote all the securing-api stuff myself: Periodically fetch public keys from keycloak, use them to validate token signature and add token claims to request attributes (as values to context.Context). Coming from that I probably assumed a similar (although less complex) experience with the mentioned guide.

Anyway, I think this issue is resolved then. Looking forward to giving Zitadel a try for the API I am working on. Would love to have a more suitable solution to managing multi-tenant b2b products which I currently just don't see with Keycloak :)

Thanks!
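How the approach fforootd points to plays out in plain Go, as an added example that is not code from zitadel-go or zitadel/oidc: an introspection middleware built on the standard library only, doing what fabiante describes for Keycloak, namely putting the introspection response into the request context so a protected handler can read sub, email and name. `Claims`, `Introspect`, `Middleware`, `ClaimsFromContext` and the `endpoint` parameter are hypothetical names; client authentication to the endpoint (ZITADEL's JWT assertion built from apikey.json, which zitadel/oidc's rs package handles) is deliberately left out.

```go
package main

import (
	"context"
	"encoding/json"
	"errors"
	"net/http"
	"net/url"
	"strings"
)

// Claims is the subset of the RFC 7662 introspection response handed to handlers; add fields as needed.
type Claims struct {
	Active  bool   `json:"active"`
	Subject string `json:"sub"`
	Email   string `json:"email"`
	Name    string `json:"name"`
}
type claimsKey struct{} // unexported key type, so no other package can read or overwrite the value
// Introspect posts the token form-encoded (RFC 7662) and decodes the JSON answer. Client authentication is
// left out: ZITADEL expects a JWT assertion built from apikey.json, which zitadel/oidc's rs package adds.
func Introspect(endpoint, token string) (*Claims, error) {
	resp, err := http.PostForm(endpoint, url.Values{"token": {token}})
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, errors.New("introspection endpoint returned " + resp.Status)
	}
	c := &Claims{}
	return c, json.NewDecoder(resp.Body).Decode(c)
}
// Middleware lets only active tokens through and stores their claims in the request context.
func Middleware(endpoint string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if token, ok := strings.CutPrefix(r.Header.Get("Authorization"), "Bearer "); ok {
			if c, err := Introspect(endpoint, token); err == nil && c.Active {
				next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), claimsKey{}, c)))
				return
			}
		}
		http.Error(w, "unauthorized", http.StatusUnauthorized) // fail closed, same answer for every failure
	})
}
// ClaimsFromContext is what a protected handler calls to read sub, email, name, ...
func ClaimsFromContext(ctx context.Context) (*Claims, bool) {
	c, ok := ctx.Value(claimsKey{}).(*Claims)
	return c, ok
}
```

A revoked token is caught on every request here because the decision is made by the issuer, which is the trade-off against the local signature check fabiante describes.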

fforootd commented 1 year ago

> Oh, seems like a valid approach and I was just following the wrong idea.
>
> I have worked with Keycloak in the past and there I wrote all the securing-api stuff myself: Periodically fetch public keys from keycloak, use them to validate token signature and add token claims to request attributes (as values to context.Context). Coming from that I probably assumed a similar (although less complex) experience with the mentioned guide.
>
> Anyway, I think this issue is resolved then. Looking forward to giving Zitadel a try for the API I am working on. Would love to have a more suitable solution to managing multi-tenant b2b products which I currently just don't see with Keycloak :)
>
> Thanks!

Let me assure you that we will improve this SDK in the next few weeks. It will become easier to interact with 😁

Thank you for trying ZITADEL in a B2B setting, you will enjoy it more than a KC for sure.

aleblanc70 commented 11 months ago

What did you put in your apikey.json to make it work?