Zitadel
Zitadel provider documentation
Feature/OIDC support
✅ PKCE
✅ Nonce
✅ State
❌ Access Token validation
✅ ID Token validation
Introduction
For Zitadel you have to provide at least the baseUrl, clientId and clientSecret properties. The baseUrl is used to dynamically create the authorizationUrl, tokenUrl, logoutUrl and userInfoUrl.
The provider supports PKCE and Code authentication schemes. For PKCE just leave the clientSecret set to an empty string ('').
Provider specific parameters
This provider doesn't have specific parameters.
Example Configuration
Never store sensitive values like your client secret in your Nuxt config. Our recommendation is to inject at least the client id and client secret via environment variables.
nuxt.config.ts
zitadel: {
  clientId: '',
  clientSecret: '', // Works with PKCE and Code flow, just leave empty for PKCE
  redirectUri: 'http://localhost:3000/auth/zitadel/callback', // Replace with your domain
  baseUrl: '', // For example https://PROJECT.REGION.zitadel.cloud
  audience: '', // Specify for id token validation, normally same as clientId
  logoutRedirectUri: 'https://google.com', // Needs to be registered in Zitadel portal
  authenticationScheme: 'none', // Set this to 'header' if Code is used instead of PKCE
},
Environment variables
Dotenv files are only for (local) development. Use a proper configuration management or injection system in production.
.env
NUXT_OIDC_PROVIDERS_ZITADEL_CLIENT_ID=123456789012345678
NUXT_OIDC_PROVIDERS_ZITADEL_BASE_URL=https://PROJECT.us1.zitadel.cloud/
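
A pre-deployment check for the settings described on this page, as an added example that is not part of nuxt-oidc-auth: it lints a resolved Zitadel provider config (after environment variables are applied) for a clientSecret/authenticationScheme mismatch and for plain-http URLs outside localhost. The function name lintZitadelConfig, its rules and the sample values are assumptions made for illustration.

```typescript
// Added example: not part of nuxt-oidc-auth. Field names follow the config on
// this page; lintZitadelConfig and its rules are assumptions for illustration.
interface ZitadelProviderConfig {
  clientId: string
  clientSecret: string
  redirectUri: string
  baseUrl: string
  audience: string
  logoutRedirectUri: string
  authenticationScheme: string
}

// Plain http is tolerated only for local development hosts.
const LOCAL_HTTP = /^http:\/\/(localhost|127\.0\.0\.1)(:\d+)?(\/|$)/
const isSecureUrl = (url: string): boolean =>
  url.startsWith('https://') || LOCAL_HTTP.test(url)

function lintZitadelConfig(cfg: ZitadelProviderConfig): string[] {
  const findings: string[] = []
  const usesPkce = cfg.clientSecret === '' // empty secret selects PKCE, per the text above
  if (cfg.clientId === '') findings.push('clientId is empty')
  if (!isSecureUrl(cfg.baseUrl)) findings.push('baseUrl is not https')
  if (!isSecureUrl(cfg.redirectUri)) findings.push('redirectUri is not https')
  if (cfg.logoutRedirectUri !== '' && !isSecureUrl(cfg.logoutRedirectUri))
    findings.push('logoutRedirectUri is not https')
  if (usesPkce && cfg.authenticationScheme !== 'none')
    findings.push("PKCE (empty clientSecret) needs authenticationScheme 'none'")
  if (!usesPkce && cfg.authenticationScheme !== 'header')
    findings.push("Code flow (clientSecret set) needs authenticationScheme 'header'")
  if (cfg.audience === '') findings.push('audience is empty, set it for ID token validation')
  return findings
}

// Constructed sample values, not real credentials or tenants.
const pkceConfig: ZitadelProviderConfig = {
  clientId: '123456789012345678',
  clientSecret: '',
  redirectUri: 'http://localhost:3000/auth/zitadel/callback',
  baseUrl: 'https://PROJECT.us1.zitadel.cloud',
  audience: '123456789012345678',
  logoutRedirectUri: 'https://app.example.com/',
  authenticationScheme: 'none',
}
// Same settings with a secret added but the scheme left at 'none', served over http.
const mismatched: ZitadelProviderConfig = {
  ...pkceConfig,
  clientSecret: 'constructed-secret',
  redirectUri: 'http://app.example.com/auth/zitadel/callback',
}
```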