How to use the login interface of the nextjs app to login zitadel
Original message was deleted
FI think in that case you will need different auth middleware depending on the routes the user tries to access, e.g when the user goes to /admin... the user will be redirected to zitadel login, when the user tries to access any other page, they will be redirected to supabase
Fthis depends on your use case. you can build your own login ui with our session api, either as a separat ui or build it directly into your application. also you need to decide if you still need the oidc standard or not. you can find some guidence on how to build the different flows of for your own ui here: https://zitadel.com/docs/guides/integrate/login-ui
In the following guides you will learn how to create your own login UI with our APIs. The different scenarios like username/password, external identity provider, etc. will be shown.
Falso we do have a typescript repository which includes a login, if you do not want to start from scratch you can for the repository or use some components from there. https://zitadel.com/docs/guides/integrate/login-ui/typescript-repo
To replace our current golang built login UI and showcase the use of our new resource, session and OIDC APIs, we've created the Typescript Repository.
Fyes, if you only need username password authentication, just be aware that you will receive an opaque zitadel token, and not a oidc token as response
FThe ZITADEL Backend, eg. APIs are able to handle the opaque token. you backend depends on how you implement it. you can read more about the session validation here: https://zitadel.com/docs/guides/integrate/login-ui/session-validation
Sessions represent the state of a user session in ZITADEL. They can be aggregated and updated over time to reflect
Fthanks you too, let me know how it goes.
Fa possiblity is to create a service user with the permissions and add a pat (personal access token), which is a ready to use token.
FA Personal Access Token (PAT) is a ready to use token which can be used as Authorization header.
Fand here the general docs on how to authenticate a service user: https://zitadel.com/docs/guides/integrate/service-users/authenticate-service-users
This guide explains ZITADEL service users and their role in facilitating secure machine-to-machine communication within your applications.
Fbecause only authenticated users can call zitadel apis. a user with permission to create sessions.
Fso first about the flow above, if you do have the loginname and the password field on one screen, you can also send both directly in the post create session, in that case you do not need the second patch with the password. if you have both on different screens then it might make sense to do it in to steps
Fwhat do you mean by multiple members to be admin, this sounds like you mix different use cases.
Fif you do have your administrators (humans), which are able to administrat ressources, for example create users, i recommend creating users and let them authenticate with a human interaction flow, e.g login ui.
Fbut you can think of your own login ui as an application, which needs to authenticate itself against zitadel. otherwise, everyone could just create sessions and get tokens.
Fthats why you need a service account/machine user, there are also different possibilities on how to authenticate them, but as this is a machine its not possible to show a login ui, so one possiblity is PAT, this is the easiest way to quickly test if everything works. if you do want to know more about the different methods of authenticating a service account you can read about the benefits and drawbacks of each method here: https://zitadel.com/docs/guides/integrate/service-users/authenticate-service-users#authentication-methods
This guide explains ZITADEL service users and their role in facilitating secure machine-to-machine communication within your applications.
FThats a long text, i hope this helps you. let me know if you have more questions
Fi think on our end we will have to extend the guides a little more to describe some more concepts, and how it works