Allow usage of personal access tokens besides JWT Profile

[fforootd]

I think we should also allow to use PATs with this library and not only JWT profile.

[fforootd]

@hifabienne @livio-a FYI

[MinDBreaK]

Hello,
Is there any workaround while this is implemented ?

[fforootd]

Hello, Is there any workaround while this is implemented ?

No not ATM, but out of curiosity what is hindering you to use a keyfile (the json zitadel generates for you)?

[MinDBreaK]

I am using the access token of a user to retrieve the list of the organizations it has access to, but I need to introspect the token.
I might have missed the API that allow the inspection of another token ?

Probably the same as #186 I think, with the PR linked

[fforootd]

I am using the access token of a user to retrieve the list of the organizations it has access to, but I need to introspect the token. I might have missed the API that allow the inspection of another token ?

Probably the same as #186 I think, with the PR linked

The introspection endpoint needs a client authentication, in zitadel called an "api client" which will give you a json with a private key.

IMO it should be sufficient to setup the api client json (as key) and then to pass the token you have from the user to the sdk.

Somewhat like in this example https://github.com/zitadel/zitadel-go/blob/main/example/http/http.go

[MinDBreaK]

I need to execute request against Zitadel API with the context of the user. I'm using it's PAT to do this.
I went with the solution mentioned in #212 (comment)

This is fine by me, But I think maybe some methods could be renamed as we are not exactly using "JWT" to access the API.

The keyfile could be used, but I would also like the ability to use env vars for example (unrelated issue)