Hello Guys,
Hi,
I'm trying to create a service user from my frontend (not through the Zitadel console). However, the issue I'm facing is that my token is only an id_token, which means when I pass it to my custom API (which then uses the token to make API calls), it is not considered valid.
I also attempted a token exchange, but that didn't work for me either. Could you help me troubleshoot this issue?
Thanks in advance!
12 Replies
How did you get to the token?
the id_token i get via auth js in my svelte application
this is my configuration

this is the configuration of your app client. an app can't get a token. is it a human user authenticating through the login ui? or a service user? you can find the different options on how to authenticate a service user here: https://zitadel.com/docs/guides/integrate/service-users/authenticate-service-users
also the user you want to get a token for, what manager role does that user have in zitadel?
the user has the org owner role in zitadel
my approach was to log the user in through this app and pass the token i get to my api to make api calls in zitadel that creates a new service user
i want to be able to create service users inside my own frontend not the frontend of zitadel
when i do the api calls with the users token i got through the application i get Token is invalid from the zitadel api
if you want to use a token to access the zitadel apis, you also need to include the audience of zitadel. you can do this with this scope: urn:zitadel:iam:org:project:id:zitadel:aud
uhhh that could help thanks a lot
i will tell you if it helped
hey, i still get: Status(StatusCode="Unauthenticated", Detail="Errors.Token.Invalid (AUTH-7fs1e)")
these are my scopes

this is my token per jwt.io decoder

i really don't understand what the problem is
can i even access the api with an id_token?