Rhi @StackingCache thanks for your question. what does your full curl command looks like that you did to generate the JWT token, but you can definitely try to give this a read that helps you in generating JWT token
https://zitadel.com/docs/apis/openidoauth/endpoints#token_endpoint
we do not have a
once you give it a read it will be cleaer to you
lmk if it helps while I look for your other quesries internally.
lmk if this helps
https://zitadel.com/docs/apis/openidoauth/endpoints#token_endpoint
we do not have a
grant_type as passowrd but insted it's urn:ietf:params:oauth:grant-type:jwt-beareronce you give it a read it will be cleaer to you
lmk if it helps while I look for your other quesries internally.
lmk if this helps
Rhi @StackingCache I will check wth my team internally as there could be a solution that could be done for enterprise
Rhi @StackingCache I was able to discuss this internally with my team.
If all you want is username/password (or other factors) in a single app they can use the session API directly to do the checks. They will obtain a session token. The sessions token is only valid for Zitadel API and is pretty much useless outside that use case. For some apps that's all they need.
For a token that can be shared inside an ecosystem, for example a webapp calling an API, you need an OIDC token. The only way to obtain that is to complete a login flow. That can be done against our login, or indeed you can build their own Login UI. However, the flow remains the same.
We have an issue open which would allow to exchange a session token for a OIDC token: https://github.com/zitadel/zitadel/issues/7900. Seeing it is part of the Login epic, I'm guessing this should be implemented in Q2 and available in Zitadel v4. No promises here tho. If you'd like to go for some kind of commercial contract or discuss further in that direction, we could be able to get more precise on the timeline
In any case, please let me know
cc @Raccine
If all you want is username/password (or other factors) in a single app they can use the session API directly to do the checks. They will obtain a session token. The sessions token is only valid for Zitadel API and is pretty much useless outside that use case. For some apps that's all they need.
For a token that can be shared inside an ecosystem, for example a webapp calling an API, you need an OIDC token. The only way to obtain that is to complete a login flow. That can be done against our login, or indeed you can build their own Login UI. However, the flow remains the same.
We have an issue open which would allow to exchange a session token for a OIDC token: https://github.com/zitadel/zitadel/issues/7900. Seeing it is part of the Login epic, I'm guessing this should be implemented in Q2 and available in Zitadel v4. No promises here tho. If you'd like to go for some kind of commercial contract or discuss further in that direction, we could be able to get more precise on the timeline
In any case, please let me know
cc @Raccine