diff --git a/src/Zitadel/Authentication/Options/ZitadelApiOptions.cs b/src/Zitadel/Authentication/Options/ZitadelApiOptions.cs
index 7774cc03..2c21cb68 100644
--- a/src/Zitadel/Authentication/Options/ZitadelApiOptions.cs
+++ b/src/Zitadel/Authentication/Options/ZitadelApiOptions.cs
@@ -29,6 +29,13 @@ public class ZitadelApiOptions
///
public BasicAuthentication? BasicAuthCredentials { get; set; }
+ ///
+ /// Correlates with . If the API application uses
+ /// a private key JWT (recommended), this property can be set to pass the
+ /// application object itself instead of a key path or key content.
+ ///
+ public Application? JwtProfile { get; set; }
+
///
/// If the API application uses a private key JWT (recommended) to authenticate
/// itself against the IAM API, use this property to provide the key information.
diff --git a/src/Zitadel/Authentication/Validation/ZitadelApiValidator.cs b/src/Zitadel/Authentication/Validation/ZitadelApiValidator.cs
index e12349f2..16131b0f 100644
--- a/src/Zitadel/Authentication/Validation/ZitadelApiValidator.cs
+++ b/src/Zitadel/Authentication/Validation/ZitadelApiValidator.cs
@@ -14,6 +14,7 @@
#if NET5_0_OR_GREATER
using System.Net.Http.Json;
+
#elif NETCOREAPP3_1_OR_GREATER
using System.Text.Json;
#endif
@@ -148,17 +149,18 @@ public override ClaimsPrincipal ValidateToken(
private Func RequestConstructor()
{
_oidcConfiguration ??= _configuration.GetConfigurationAsync().Result;
- if (_options.BasicAuthCredentials == null && _options.JwtProfileKey == null)
+ if (_options.BasicAuthCredentials == null && _options.JwtProfileKey == null && _options.JwtProfile == null)
{
throw new ApplicationException(
"Neither BasicAuth nor JwtPrivateKey credentials configured in Zitadel API authentication.");
}
- if (_options.JwtProfileKey != null)
+ if (_options.JwtProfileKey != null || _options.JwtProfile != null)
{
- var app = _options.JwtProfileKey.Content != null
- ? Application.LoadFromJsonString(_options.JwtProfileKey.Content)
- : Application.LoadFromJsonFile(_options.JwtProfileKey.Path ?? string.Empty);
+ var app = _options.JwtProfile ??
+ (_options.JwtProfileKey?.Content != null
+ ? Application.LoadFromJsonString(_options.JwtProfileKey.Content)
+ : Application.LoadFromJsonFile(_options.JwtProfileKey?.Path ?? string.Empty));
string? jwt = null;