FYou need to add the token received from ZITADEL as authorization header
FAuthorization: Bearer <token>FZITADEL will then read the user of the token and return the userdata
FCan you share the code with me that you are using?
FThis looks not like the server receives the token as authorization header 
FLet me look into this tomorrow, I am not close to a PC at the moment
FHm just looked at the example and I think there is an error.
@adlerhurst since @livio is in holidays...
If we look at the auth example here https://github.com/zitadel/zitadel-go/blob/main/example/auth/auth.go#L27
It looks wrong to me that we need a JWT key for this. Accessing the Auth API to "getMyUser" should work with the bearer token of the user alone.
@adlerhurst since @livio is in holidays...
If we look at the auth example here https://github.com/zitadel/zitadel-go/blob/main/example/auth/auth.go#L27
It looks wrong to me that we need a JWT key for this. Accessing the Auth API to "getMyUser" should work with the bearer token of the user alone.
GitHub
ZITADEL Go - The official client library of ZITADEL for an easy integration into your Go project. - zitadel-go/auth.go at main · zitadel/zitadel-go
Ahey @Herxagon
If I get you right you want to get the response for a human user. If you want to read data from a user which is not the service account you can use the
If I get you right you want to get the response for a human user. If you want to read data from a user which is not the service account you can use the
GetUserByID call from the management apiF@adlerhurst I think our example client on go (examples/auth/) is wrong since it asks for a JWT key. IMO only the users token is relevant when calling the Auth API
A@Herxagon i will provide a description tomorrow, when im on my mac.
AThe auth api will always returns data about the user currently logged in which is the service user when using jwt profile. Maybe I have a lack about oauth jwt profile flow?
FYeah but he wants to access the user logged in with an authorization code flow
Basically he wants to use the already received token to read user data from the auth api.
Basically he wants to use the already received token to read user data from the auth api.
Ahi @Herxagon a basic description of the purpose of each service can be found here: https://docs.zitadel.com/docs/apis/introduction#apis
Currently zitadel-go implements jwtprofile flow which is used to authenticate service users (@FFO please correct me if I'm wrong). zitadel-go is currently not able to call the zitadel api on behalf of a user, it sends the token of the service, that's why you are not able to overwrite the authorisation header. If you overwrite the header, the flow does not correspond to the token received.
A frontend like the zitadel console or your http client implement different auth flows which allows them to use the token of the logged in user, that's why they get the information of the logged in user on /users/me
Currently zitadel-go implements jwtprofile flow which is used to authenticate service users (@FFO please correct me if I'm wrong). zitadel-go is currently not able to call the zitadel api on behalf of a user, it sends the token of the service, that's why you are not able to overwrite the authorisation header. If you overwrite the header, the flow does not correspond to the token received.
A frontend like the zitadel console or your http client implement different auth flows which allows them to use the token of the logged in user, that's why they get the information of the logged in user on /users/me
FUntil we got this straight...
The best process to access a users data anyway is to call the userinfo (or introspect) with the help of zitadel/oidc (our oidc compliant go lib)
The best process to access a users data anyway is to call the userinfo (or introspect) with the help of zitadel/oidc (our oidc compliant go lib)
FThe zitadel-go is needed if you want to allow the user to change its settings directly without going through our management api.
AI created an issue for further discussion of the purpose of the auth client: https://github.com/zitadel/zitadel-go/issues/161
GitHub
Currently I can only use the auth-api client to manipulate or read the service user. I am not able to call the api on behalf of a user, I'm not sure if this makes sense. In my opinion it wo...