FHm you could try (domain)/.well-known/openid-configuration
FThat would be the openid discovery endpoint which lists all other endpoints needed
FCan you provide logs from harbor?
FThe code can be exchanged on /oauth/v2/token
FThis is usually called the issuer and is the zitadel domain
FFAt the moment you get a code back? I.e you are redirected to the login?
FWhat client type did you select with zitadel?
FOk that is good to know
FOk web should be correct
Fthat is a weird error
Fare you using zitadel cloud or local?
Fhm ok
Fthe 401 is really weird
Fok
FI mean the callback looks working
Fbut the code to token exchange not
FIMO it looks like harbor does not send the secret along
FDo you see the call being made to zitadel?
Fyou can enable logs in zitadel
FGitHub
ZITADEL - Identity infrastructure, simplified for you. - zitadel/zitadel
Fyou can enable the http logs with the setting above 
FFcould it not be that harbo can not access the client_secret?
FWell its really a wild guess from me
FLooking at the config there is not much that could go wrong
Fso zitadel printed out the 401 in the log, right
Fhm that error looked weird though
Fmaybe harbor has a problem with the client ID
Fok interesting
Fso the clientID works
Fbut the secret not
FGitHub
When we try to define a remote registry to another Harbor instance, with a valid user/password, the process fails with a "internal server message" and the following traces: 2020-06-04T20:...