Need help to understand how I can implement authorization for my custom service
Hello.
I want to integrate Zitadel in my custom solution.
I have a web application and a native agent for Linux. Users should be able to register via my web application and have access to my console UI. In the app, users should be able to register new devices.
I think that a registered device (it's the same native agent on Linux) should use the same account to access my internal API as the owner of the device (the user).
I'm thinking of using the device code authorization flow there, so my agent tries to authorize the device, the user writes down the user code, and after the webhook the agent will be able to get a token.
But what I need there is to differentiate devices via their tokens, so whenever a device uses my internal API I can understand exactly which of the user's devices it was. So I'm thinking of having something like a device_id in the token itself, but as a user can have multiple devices I cannot just use the user's metadata to inject a custom claim there. I need each token to have a different device_id when used from the agent.
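The RFC 8628 device authorization flow the post describes, as an added example (not code from this thread or from ZITADEL): a Python client for the native agent that obtains a device code and polls the token endpoint, handling the authorization_pending, slow_down and expiry cases. The endpoint URLs and client id are placeholders, and the HTTP transport is injectable so the polling logic can be exercised offline.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

# Placeholder endpoints and client id (assumptions, not values from the thread);
# a real agent takes them from the provider's OIDC discovery document.
DEVICE_AUTH_URL = "https://auth.example.invalid/oauth/v2/device_authorization"
TOKEN_URL = "https://auth.example.invalid/oauth/v2/token"
CLIENT_ID = "PLACEHOLDER_CLIENT_ID"
DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"


def http_post(url, form):
    """Default transport: form-encoded POST, JSON body back (also on 4xx errors)."""
    data = urllib.parse.urlencode(form).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:  # RFC 8628 error responses are 400 + JSON
        return json.load(err)


def request_device_code(scope, post=http_post):
    """Step 1 (RFC 8628 section 3.1/3.2): get device_code, user_code, verification_uri."""
    return post(DEVICE_AUTH_URL, {"client_id": CLIENT_ID, "scope": scope})


def poll_for_token(dev, post=http_post, sleep=time.sleep, clock=time.monotonic):
    """Step 2 (RFC 8628 section 3.4/3.5): poll the token endpoint until the user
    approves in the browser, the code expires, or the server reports a terminal error."""
    interval = int(dev.get("interval", 5))
    deadline = clock() + int(dev["expires_in"])
    while clock() < deadline:
        sleep(interval)  # never poll faster than the server-supplied interval
        resp = post(TOKEN_URL, {"grant_type": DEVICE_GRANT,
                                "device_code": dev["device_code"],
                                "client_id": CLIENT_ID})
        err = resp.get("error")
        if err is None:
            return resp  # contains access_token (and id_token if openid was requested)
        if err == "authorization_pending":
            continue  # user has not approved yet, keep waiting
        if err == "slow_down":
            interval += 5  # RFC 8628 section 3.5: back off by 5 seconds
            continue
        raise RuntimeError(f"device flow failed: {err}")  # access_denied, expired_token, ...
    raise TimeoutError("device code expired before the user approved it")
```

The agent shows the user_code and verification_uri returned by request_device_code() to the user before calling poll_for_token(); putting a per-device claim into the resulting token is the open part of the question and is not covered by this code.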
2 Replies
Hi @merujan99, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.
Answer
I wasn't able to find a direct answer; here are some relevant sources:
1. Integrating Your Application with ZITADEL using RFC 8628 OAuth 2.0 Device Authorization Flow : This covers the device authorization flow setup and implementation but doesn't address device-specific token differentiation.
2. OAuth / Onboard User with additional Meta-Data : This discusses adding custom scopes and metadata to users, though custom scopes appear to have limitations in the current implementation.
Feel free to tag @Ask Inkeep with additional questions.
It could also be a PAT for a human user with some info in it,
or an opaque token with custom metadata.