Custom Login UI - OIDC Support
I'm trying to build a custom login UI supporting the OIDC standard and I don't understand steps 2 to 4 from the picture I attached:
Redirect to a predefined, relative URL of the login UI that includes the authrequest ID ("/login?authRequest="
Where do I need to predefine the URL?
Currently I'm using Postman to test things, so step 2 is executed in Postman. Is there some header param I need to add so Zitadel will know where to redirect?
In step 2, do I need to redirect to ZITADEL from the browser, or can I do that from the server side?

8 Replies
To add more context to this question I will add a code snippet from my Go server:
Here I'm trying to redirect auth request to my Zitadel instance (step 2).
I will also add a screenshot from Postman - in the response headers after the redirect, the X-Zitadel-Login-Client header is not propagated to the Zitadel API request.
1. From the browser, call myserver/auth providing all necessary information needed for OIDC
2. myserver adds the x-zitadel-login-client header and redirects the browser to Zitadel's oauth/authorize endpoint
3. The redirect happens but the header is not attached when the browser opens Zitadel's endpoint. (As far as I understand, this is expected behaviour, and the advice is to call a URL that needs custom headers from JavaScript, but then I get a CORS error)
I also tried to call Zitadel's oauth authorize endpoint from Postman with the header attached and I was redirected to the /login endpoint, but on our Zitadel's domain (which is expected, since my initial host is our Zitadel's domain)
Is there something obviously wrong with my approaches?


@peintnermax can you advise or maybe @livio
Yes, we ended up doing a similar thing. The request is sent from our Golang app, where the HTTP client is configured not to follow redirects. Then we have to extract the Location from the redirect header and manually redirect the browser there (/login?authRequest=V2....).
Hi @11011011, if you were able to work around it, can you please let me know the steps you followed in the Golang app?
So, when creating a client that proxies authorization request, you have to define CheckRedirect function:
	client := &http.Client{
		// Return the 3xx response to the caller instead of following it.
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			return http.ErrUseLastResponse
		},
	}
and later you are able to extract the Location header with the authRequest query param:
	location := resp.Header.Get("Location")
code snippet: https://gist.github.com/mbalug7/57662f7d4f6259ad7f71d706018eeb28 - after receiving response I'm doing a bunch of things that are needed for our use-case, and eventually I'm redirecting browser to the received location
Thanks @11011011 , that would help.
Thanks @11011011 . It worked for me.
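
Added example (not part of the thread and not the code from the linked gist): a compact Go version of the server-side approach described above, where the server calls the authorize endpoint itself with the x-zitadel-login-client header, does not follow the redirect, and sends the browser to the login UI. Rather than forwarding the Location header verbatim, it takes only the authRequest ID from it and rebuilds the relative URL, so the handler cannot be used as an open redirect. Assumptions: the authorize path `/oauth/v2/authorize`, the placeholder host and login-client ID, and a login UI served at `/login` on the same host as this server.

```go
package main

import (
	"errors"
	"net/http"
	"net/url"
)

// noFollow hands 3xx responses back to the caller instead of following them.
var noFollow = &http.Client{
	CheckRedirect: func(req *http.Request, via []*http.Request) error {
		return http.ErrUseLastResponse
	},
}

// loginRedirect replays the browser's OIDC query against authorizeURL with the
// login-client header set and returns the login-UI URL for the browser.
func loginRedirect(authorizeURL, loginClientID, rawQuery string) (string, error) {
	req, err := http.NewRequest(http.MethodGet, authorizeURL+"?"+rawQuery, nil)
	if err != nil {
		return "", err
	}
	req.Header.Set("x-zitadel-login-client", loginClientID)
	resp, err := noFollow.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	loc, err := url.Parse(resp.Header.Get("Location"))
	if err != nil || loc.Query().Get("authRequest") == "" {
		return "", errors.New("no authRequest ID in the authorize response")
	}
	// Rebuild the URL from the ID alone (assumed login path: /login) so an
	// unexpected Location can never send the browser to another host or path.
	return "/login?authRequest=" + url.QueryEscape(loc.Query().Get("authRequest")), nil
}

func main() {
	const authorize, clientID = "https://zitadel.example.com/oauth/v2/authorize", "LOGIN_CLIENT_ID" // placeholders
	http.HandleFunc("/auth", func(w http.ResponseWriter, r *http.Request) {
		target, err := loginRedirect(authorize, clientID, r.URL.RawQuery)
		if err != nil {
			http.Error(w, "authorization request failed", http.StatusBadGateway)
			return
		}
		http.Redirect(w, r, target, http.StatusFound)
	})
	panic(http.ListenAndServe("127.0.0.1:8080", nil))
}
```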