Using Authenticated User Tokens for Zitadel API Calls Best Practices
Hi,
I have a question regarding reusing an authenticated user's access token to perform some actions (not Zitadel actions, e.g. listing organization users, updating a user's role, updating a user's own avatar...), instead of relying on a service user. Is it possible to use the logged-in user's token to perform actions?
What is the best practice around this? I had a chat with an AI (ChatGPT) for reference: https://chatgpt.com/share/68c3128d-f9bc-8000-b1d4-368d3780dcee
1 Reply
Hi @Joebeurg, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.
Answer
I wasn't able to find a direct answer; here are some relevant sources:
1. Authenticate service users and client applications: This covers service users, which represent non-human entities for secure machine-to-machine communication and are used to access ZITADEL's APIs.
2. Configure personal access token authentication for service users: This demonstrates how to use PAT tokens to call ZITADEL APIs, but specifically for service users rather than authenticated human users.
Feel free to tag @Ask Inkeep with additional questions.
Got it. Tagging @Rajat for additional help.
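Added example for this thread (not code from the poster, the assistant, or ZITADEL): a Python sketch of the two options the question contrasts. Both a logged-in user's access token and a service user's PAT are sent the same way, as a Bearer token; the difference is whose permissions apply. ZITADEL accepts a user's access token on its own APIs only when the token's audience includes ZITADEL's project, which the client gets by requesting the reserved scope `urn:zitadel:iam:org:project:id:zitadel:aud` at login, and the call is then limited to the manager roles that user actually holds (a PAT is limited to the service user's grants instead). The local audience check below only works for JWT access tokens; ZITADEL issues opaque tokens unless the application is configured for JWT access tokens, and those can only be checked via introspection. The base URL, org id, project id and sample tokens are constructed values, not real identifiers.

```python
"""Calling ZITADEL's API with a logged-in user's token or a service-user PAT.

Added example for the thread above; not code from ZITADEL or the poster.
All identifiers, URLs and tokens in here are constructed for illustration.
"""
import base64
import json
from typing import List, Optional
from urllib.request import Request, urlopen

# Reserved ZITADEL scope that adds ZITADEL's own project id to the token
# audience. Without it, a user's access token is rejected by ZITADEL's API.
ZITADEL_API_AUD_SCOPE = "urn:zitadel:iam:org:project:id:zitadel:aud"


def scopes_for_api_access(extra: Optional[List[str]] = None) -> List[str]:
    """Scopes a client should request at login if it plans to call
    ZITADEL's API with the user's own token."""
    return ["openid", "profile", ZITADEL_API_AUD_SCOPE] + list(extra or [])


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature.

    This is only a pre-flight inspection on the client side; ZITADEL verifies
    the token itself. Raises ValueError for opaque (non-JWT) tokens, which
    can only be inspected through the introspection endpoint.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT; opaque tokens must be introspected")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_audience_includes(token: str, project_id: str) -> bool:
    """True if the JWT's aud claim names the given project (string or list)."""
    aud = jwt_claims(token).get("aud", [])
    if isinstance(aud, str):
        aud = [aud]
    return project_id in aud


def api_request(base_url: str, token: str, path: str,
                org_id: Optional[str] = None) -> dict:
    """Build the URL and headers for a ZITADEL API call.

    Identical for a user's access token and a service user's PAT: both go in
    the Authorization header. x-zitadel-orgid selects the organization
    context for management API calls. What the call may do is then decided
    by ZITADEL from the roles/grants of whoever the token represents.
    """
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/json"}
    if org_id:
        headers["x-zitadel-orgid"] = org_id
    return {"url": base_url.rstrip("/") + path, "headers": headers}


def send(req: dict) -> dict:
    """Perform the call built by api_request (needs a reachable instance)."""
    with urlopen(Request(req["url"], headers=req["headers"])) as resp:
        return json.load(resp)


def _constructed_jwt(claims: dict) -> str:
    """Unsigned sample token for offline demonstration only (constructed)."""
    def enc(d: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed sample values; none of these are real ZITADEL identifiers.
ZITADEL_PROJECT_ID = "290000000000000001"
USER_TOKEN_WITH_AUD = _constructed_jwt(
    {"sub": "user1", "aud": ["myapp-client", ZITADEL_PROJECT_ID]})
USER_TOKEN_WITHOUT_AUD = _constructed_jwt(
    {"sub": "user1", "aud": "myapp-client"})


if __name__ == "__main__":
    base = "https://auth.example.com"  # assumed instance URL
    for label, tok in (("with aud", USER_TOKEN_WITH_AUD),
                       ("without aud", USER_TOKEN_WITHOUT_AUD)):
        ok = token_audience_includes(tok, ZITADEL_PROJECT_ID)
        print(f"user token {label}: usable against ZITADEL API = {ok}")
    # User acting as themselves (auth API, no org header needed):
    print(api_request(base, USER_TOKEN_WITH_AUD, "/auth/v1/users/me"))
    # Same shape with a service user's PAT on the management API:
    print(api_request(base, "<service-user-pat>",
                      "/management/v1/users/_search", org_id="<org-id>"))
```

Usage note: the local check is a cheap way to fail early with a clear message ("re-login with the ZITADEL audience scope") instead of a 401 from the API. Do not fall back to a service user's PAT when the user's token lacks the audience; that silently turns a user-scoped call into a privileged one and defeats the point of using the user's own token.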