Generating JWT for human user
I am using Zitadel's Session API to validate the users.
The requirement now is to have a way for the client to validate these tokens locally without calling the Zitadel APIs, to avoid calls to validate the token before every action.
Since Zitadel Session tokens can only be validated at server side, I was looking for a solution if we can validate them locally (just call the Zitadel for checking if the token is revoked).
Another solution I was trying to reach was to generate a JWT signed with a private key, which can contain the session token and be shared with the client, who can verify the JWT signature and avoid calling the Zitadel server for token introspection.
However, I am not able to figure out a way to create a JWT for human users. I tried creating an API application inside the project to get the private key, but the JWKS endpoint (/oauth/v2/keys) is not listing the kid that is present in the private key generated inside the project application.
Can someone please help me with a possible solution?
1 Reply
Hello @fabienne / Team, can anyone check on this?