Applications

What is an application?

Applications are the entry point to your project. Users either log in to one of your clients and interact with it directly, or use one of your APIs, perhaps without even knowing it. All applications share the roles and authorizations of their project.

Application types

When you create a new application in ZITADEL Console, you have to choose its type. Which one should you choose?

Detailed information about authentication types can be found here.

Web

Server-side rendered applications that users interact with, for example an application developed with Thymeleaf in Java or Razor in .NET, or when you want to enable SSO in GitLab.

The following authentication types can be used:

PKCE

Recommended because it's the most secure.

Code

Use if your application needs a client ID and client secret.

(Private Key) JWT

Key file to authorize your application. You can create keys after creating the application; see below.

Post

Only use if you have no other option. The client ID and client secret are sent in the request body.

Native

Applications installed on a thin client, for example on a smartphone or computer.

These applications use the key file generated by ZITADEL to authenticate.

Native only supports the code authentication type, which is why you don't have to select one.

User Agent

Applications that are executed in a web browser, for example single-page applications developed with JavaScript frameworks like Angular or React.

The following authentication types can be used:

PKCE

Recommended because it's the most secure.

Implicit

Only use if you have no other option. The flow is subject to removal.

API

Applications without human interaction. These applications are accessed by other applications, so-called machine-to-machine communication.

The following authentication types can be used:

(Private Key) JWT

Key file to authorize your application. You can create keys after creating the application; see below.

Basic

The application sends a username and password.

Redirect URIs

During the login flow, the application defines where a user is redirected to after login or logout.
ZITADEL verifies that the URL the user gets redirected to is valid by checking whether it matches one of the redirect URIs.

  • Redirect URIs are verified during the login process.
  • Post Logout URIs are verified during the logout process.
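
The following added example (not ZITADEL's own code) sketches such a check, assuming the exact-string-match rule of RFC 9700 and, for native apps, the loopback port exception of RFC 8252. The registration data and the names `APP`, `is_allowed` and `_strip_loopback_port` are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample registration; URLs are placeholders, not ZITADEL defaults.
APP = {
    "native": True,
    "redirect_uris": {"https://app.example.com/auth/callback",
                      "http://127.0.0.1/callback"},
    "post_logout_uris": {"https://app.example.com/signed-out"},
}
LOOPBACK_HOSTS = {"127.0.0.1", "::1"}


def _strip_loopback_port(uri):
    """Return an http loopback URI without its port, or None if it is not one."""
    try:
        parts = urlsplit(uri)
        parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme != "http" or parts.hostname not in LOOPBACK_HOSTS:
        return None
    if "@" in parts.netloc:  # userinfo is never part of a registered URI
        return None
    host = f"[{parts.hostname}]" if ":" in parts.hostname else parts.hostname
    return parts._replace(netloc=host).geturl()


def is_allowed(app, uri, phase):
    """phase is 'login' (redirect URIs) or 'logout' (post logout URIs)."""
    key = "redirect_uris" if phase == "login" else "post_logout_uris"
    registered = app[key]
    if uri in registered:  # exact string match: no prefix or wildcard logic
        return True
    if app.get("native") and phase == "login":
        # Assumption (RFC 8252): only the port of a loopback URI may vary.
        candidate = _strip_loopback_port(uri)
        allowed = {_strip_loopback_port(r) for r in registered}
        return candidate is not None and candidate in allowed
    return False
```

A URI registered only as a Post Logout URI is rejected during login, and the reverse, because each phase is checked against its own list.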
note

The default redirect uri of your app is

Review Configuration

This page shows what will be created. After you have reviewed the configuration you can create the application.

Client information

Please make sure to save the client ID and secret for later use in the application.

Generate key for private key JWT

After you have successfully created your application with authentication type JWT, you can create keys in the "KEYS" section of the app details, as the following video shows:

Generate key preview