Demo project
See demo_project for a complete example.
The demo shows:
- Authentication with Zitadel OpenID Connect
- Role-based access control for protected endpoints
- Scope-based authorization for API endpoints
- Service user authentication via JWT
- Swagger UI with OAuth2 integration
Starting the FastAPI server
- Install dev dependencies:
uv sync --group dev(see Contributing). - Run the demo server:
- The server starts at http://localhost:8001.
Login
User types in Zitadel
Zitadel differentiates two types of users:
- Users ("human users", i.e. people with a login)
- Service users ("machine users", i.e. integration bots).
User login
- Open http://localhost:8001/docs.
- Click Authorize in the top right corner.
- Click Authorize in the modal. Zitadel's login page opens.
- Log in with your Zitadel credentials. You are redirected back to the docs page.
- Try out the endpoints.
- If login fails, retry in a private browsing window.
Service user login
- Set up a service user as described in the setup guide.
- Download the private key from Zitadel.
- Update the config in
demo_project/service_user.py. - Run the script:
Expected response:
{
"message": "Hello world!",
"user": {
"claims": {
"aud": [
"..."
],
"client_id": "...",
"exp": 1739406574,
"iat": 1739363374,
"iss": "https://myinstance.zitadel.cloud",
"sub": "...",
"nbf": 1739363374,
"jti": "...",
"project_roles": {
"admin": {
"1234567": "hello.xyz.zitadel.cloud"
}
}
},
"access_token": "eyJhbGciO... (truncated)"
}
}