Provider

Zitadel

Zitadel provider documentation

Feature/OIDC support

✅  PKCE
✅  Nonce
✅  State
❌  Access Token validation
✅  ID Token validation

Introduction

For Zitadel you have to provide at least the baseUrl, clientId and clientSecret properties. The baseUrl is used to dynamically create the authorizationUrl, tokenUrl, logoutUrl and userInfoUrl. The provider supports PKCE and Code authentication schemes. For PKCE just leave the clientSecret set to an empty string ('').

Provider specific parameters

This provider doesn't have specific parameters.

Example Configuration

Never store sensitive values like your client secret in your Nuxt config. We recommend injecting at least the client ID and client secret via environment variables.
nuxt.config.ts
zitadel: {
  clientId: '',
  clientSecret: '', // Works with PKCE and Code flow, just leave empty for PKCE
  redirectUri: 'http://localhost:3000/auth/zitadel/callback', // Replace with your domain
  baseUrl: '', // For example https://PROJECT.REGION.zitadel.cloud
  audience: '', // Specify for id token validation, normally same as clientId
  logoutRedirectUri: 'https://google.com', // Needs to be registered in Zitadel portal
  authenticationScheme: 'none', // Set this to 'header' if Code is used instead of PKCE
},
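
The comments in the configuration above tie clientSecret to authenticationScheme (empty secret with 'none' for PKCE, a secret with 'header' for Code). The following added example, which is not part of the module's own code, checks a config object for that pairing before deployment. The helper name checkZitadelConfig, the https requirement and the localhost exception are assumptions, and the sample values are constructed.

```typescript
// Added example; field names are from the page, the rules below are assumptions.
interface ZitadelConfig {
  clientId: string
  clientSecret: string
  redirectUri: string
  baseUrl: string
  audience: string
  logoutRedirectUri: string
  authenticationScheme: string
}

const HTTPS = /^https:\/\//
// http:// is tolerated only for local development callbacks.
const LOCAL_HTTP = /^http:\/\/(localhost|127\.0\.0\.1)(:\d+)?(\/|$)/

// Hypothetical helper: returns one message per inconsistency, [] when clean.
function checkZitadelConfig(cfg: ZitadelConfig): string[] {
  const problems: string[] = []
  if (!cfg.clientId) problems.push('clientId is required')
  if (!HTTPS.test(cfg.baseUrl)) problems.push('baseUrl should be an https:// URL')
  // Empty secret means PKCE (public client); a secret means Code flow.
  const pkce = cfg.clientSecret === ''
  if (pkce && cfg.authenticationScheme !== 'none')
    problems.push("empty clientSecret (PKCE) expects authenticationScheme 'none'")
  if (!pkce && cfg.authenticationScheme !== 'header')
    problems.push("clientSecret set (Code) expects authenticationScheme 'header'")
  if (!cfg.audience) problems.push('audience is empty; set it for ID token validation')
  for (const key of ['redirectUri', 'logoutRedirectUri'] as const) {
    const uri = cfg[key]
    if (!HTTPS.test(uri) && !LOCAL_HTTP.test(uri))
      problems.push(`${key} should be https:// (http:// only on localhost)`)
  }
  return problems
}

// Constructed sample values, not real credentials.
const pkceSample: ZitadelConfig = {
  clientId: '123456789012345678',
  clientSecret: '',
  redirectUri: 'http://localhost:3000/auth/zitadel/callback',
  baseUrl: 'https://PROJECT.us1.zitadel.cloud',
  audience: '123456789012345678',
  logoutRedirectUri: 'https://app.example.com/',
  authenticationScheme: 'none',
}
// Secret supplied but scheme left at the PKCE value, and a plain-http callback.
const mixedUp: ZitadelConfig = { ...pkceSample, clientSecret: 'constructed-secret',
  redirectUri: 'http://app.example.com/auth/zitadel/callback' }

console.log(checkZitadelConfig(pkceSample), checkZitadelConfig(mixedUp))
```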

Environment variables

Dotenv files are only for (local) development. Use a proper configuration management or injection system in production.

.env
NUXT_OIDC_PROVIDERS_ZITADEL_CLIENT_ID=123456789012345678
NUXT_OIDC_PROVIDERS_ZITADEL_BASE_URL=https://PROJECT.us1.zitadel.cloud/
