This example demonstrates how to implement authentication and authorization using Zitadel. It covers the flow of signing in a user via frontend redirection and authorizing that user through secure backend API calls to Zitadel.
-
The frontend is registered as a User Agent in the Zitadel console.
-
The backend is registered as a standard API resource.
-
When a user signs in via the frontend, they are redirected to Zitadel for authentication.
-
After successful login, the frontend obtains an access token, which is used to interact with the backend API.
-
The backend validates the access token and checks the user’s roles (e.g., admin) to determine permissions.
-
Authenticated users can view a to-do list.
-
Users with the admin role can add new items to the list.
 |
 |
 |
- Start Zitadel:
docker/podman compose up -d - Login Zitadel
http://localhost:8080/ui/console, with Email:zitadel-admin@zitadel.localhostPassword:Password1! - Create a new instance via the UI
- Create a two applications
- A react app of type
User Agent, copy the user id into the react apps config. - A api-app(OCID standard) and create a key and download it, place it in the backend directory and call it
key.json
- A react app of type
- Start the backend
make start-backend(orgo run .) - Start the frontend
make start-frontend(ornpm run dev) - Visit
localhost:5173and Log in with the existing user. - If you want to create a task with the user, create a admin role in the zitadel UI and assign it to your user.