providers/zitadel
ZitadelProfile
The returned user profile from ZITADEL when using the profile callback. See the standard claims reference here. If you need access to ZITADEL APIs or need additional information, make sure to add the corresponding scopes.
Extends
Record
<string
,any
>
Properties
amr
amr: string;
aud
aud: string;
auth_time
auth_time: number;
azp
azp: string;
email: string;
email_verified
email_verified: boolean;
exp
exp: number;
family_name
family_name: string;
gender
gender: string;
given_name
given_name: string;
iat
iat: number;
iss
iss: string;
jti
jti: string;
locale
locale: string;
name
name: string;
nbf
nbf: number;
phone
phone: string;
phone_verified
phone_verified: boolean;
picture
picture: string;
preferred_username
preferred_username: string;
sub
sub: string;
default()
default<P>(options): OIDCConfig<P>
Add ZITADEL login to your page.
Setup
Callback URL
https://example.com/api/auth/callback/zitadel
Configuration
import Auth from "@auth/core"
import ZITADEL from "@auth/core/providers/zitadel"
const request = new Request(origin)
const response = await Auth(request, {
providers: [ZITADEL({ clientId: ZITADEL_CLIENT_ID, clientSecret: ZITADEL_CLIENT_SECRET })],
})
Resources
Notes
By default, Auth.js assumes that the ZITADEL provider is based on the Open ID Connect specification.
The Redirect URIs used when creating the credentials must include your full domain and end in the callback path. For example:
- For production:
https://{YOUR_DOMAIN}/api/auth/callback/zitadel
- For development:
http://localhost:3000/api/auth/callback/zitadel
Make sure to enable dev mode in ZITADEL console to allow redirects for local development.
The ZITADEL provider comes with a default configuration. To override the defaults for your use case, check out customizing a built-in OAuth provider.
ZITADEL also returns a email_verified boolean property in the profile. You can use this property to restrict access to people with verified accounts.
const options = {
...
callbacks: {
async signIn({ account, profile }) {
if (account.provider === "zitadel") {
return profile.email_verified;
}
return true; // Do different verification for other providers that don't have `email_verified`
},
}
...
}
Disclaimer If you think you found a bug in the default configuration, you can open an issue.
Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec, we might not pursue a resolution. You can ask for more help in Discussions.
Type parameters
Type parameter |
---|
P extends ZitadelProfile |
Parameters
Parameter | Type |
---|---|
options | OAuthUserConfig <P > |
Returns
OIDCConfig
<P
>