I’m currently working on setting up a custom login UI that integrates with Zitadel for a project involving three domains: example.com, auth.example.com, and app.example.com.
The flow goes like this: users land on example.com, and if they want to sign in or sign up, they get redirected to auth.example.com, where the sign-in and sign-up pages are hosted. After successfully signing up or logging in, they’re sent over to app.example.com.
Initially, I used personal access tokens for the Zitadel API calls, but now I’m looking to switch to JWT for authentication. I’ve gone through the docs but haven’t found a clear path on how to make this transition.
Specifically, I’m struggling with figuring out how to replace the personal access token with JWT in the Zitadel API calls for user authentication during login and signup.
If anyone has experience with Zitadel and JWT integration or can point me in the right direction with some code snippets or examples, I’d really appreciate the help.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Hi there,
Transitioning from using Personal Access Tokens to JWT JSON Web Tokens for authentication in Zitadel integration would require quite a bit of refactoring.
You will need to set up JWT-based authentication in your application and modifying your API calls to use JWTs instead of Personal Access Tokens.
Here’s a basic guide on how this might look:
Implementing the JWT-Based Authentication Flow
Initiate User Authentication:
auth.example.com
.Set Up OAuth 2.0 Flow: If you’re using OAuth 2.0 flows, you’ll redirect users to Zitadel’s authorization endpoint:
Handling JWT in Your Application
Next, once you have the JWT token, you’ll need to handle it in your application:
Store the JWT securely in your application context (e.g., in memory, session storage, or a secure cookie). Ensure it’s only accessible by the necessary parts of your application.
After that you can start using JWT in API Calls:
Code Snippet for API Calls with JWT
Here’s an example of how you might modify an API call to use JWT in JavaScript:
Always transmit JWTs over secure channels (HTTPS) and be cautious about where you store the JWT in the client-side environment. Consider using HTTPOnly cookies if applicable.
The Zitadel’s official documentation might be helpful for specific endpoints and detailed examples:
Hope this helps! Let me know if you have any questions.
Best,
Bobby