Available authentication flows?
Hello. I don't clearly understand the available authentication flows.
Is ZITADEL designed for OAuth OIDC only?
We want to use classic cookie-based sessions and ZITADEL as a proxy, or at least JWT tokens. Self-hosted registration only, without OAuth or OIDC.
Is that possible?
4 Replies
Hi @T2, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.
Answer
I wasn't able to find a direct answer, here are some relevant sources:
1. Recommended authorization flows with OpenID Connect (OIDC) and OAuth 2.x: This covers ZITADEL's OAuth 2.x and OIDC flows including Authorization Code with PKCE and JWT bearer tokens for machine-to-machine authentication.
2. OpenID Connect Endpoints in ZITADEL: Documents the OIDC endpoints and authorization flows that ZITADEL supports for authentication.
Feel free to tag @Ask Inkeep with additional questions.
Got it. Tagging @Rajat for additional help.
Hey @T2, thanks for your question.
Classic cookie-based sessions managed by your backend (without OIDC/OAuth) are not supported as a primary integration method. ZITADEL is designed for OIDC/OAuth2 flows. You can use ZITADEL for local (self-hosted) registration, but auth/authorization will be via OIDC/OAuth flows with token issuance.
That explains a lot. Thanks!
Glad I could be helpful. Feel free to create a new thread with any new questions you may have.