Configuring Zitadel and Custom Auth UI on the Same Domain: Best Practices?
Are there any special configurations (e.g., subdomains, CORS, cookies) required when hosting both Zitadel and a custom Auth UI on the same domain? Specifically, are there any considerations to ensure proper integration and secure handling of authentication flows?
4 Replies
Hi @JoseSzycho, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.
Answer
I wasn't able to find a direct answer; here are some relevant sources:
1. Typescript Repository: This covers the architectural overview of ZITADEL's Next.js-based login UI, including middleware configuration for OIDC proxy setup and domain requirements for HTTPS deployment.
2. CORS error while sending HEAD /oauth/v2/authorize request in a Custom Login UI: This discusses CORS issues encountered when implementing a custom login UI and mentions enabling developer mode in redirect settings as a potential solution.
Feel free to tag @Ask Inkeep with additional questions.
Got it. Tagging @Rajat for additional help.
Hey @JoseSzycho, you are responsible for CORS and security headers in your own UI, if any. But in general, use subdomains, set secure cookies, configure correct redirect URIs, and ensure your Auth UI follows CORS and security best practices. Should be fine 🙂
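As an added example (not code from this thread, from the poster, or from ZITADEL's own login UI), the checks below implement the points in the answer above for a custom Auth UI served from a sibling subdomain: exact-match redirect URI validation, an Origin allowlist for CORS with credentials, a host-only session cookie, and baseline security headers. The hostnames auth.example.com, login.example.com and app.example.com are constructed placeholders for an assumed layout, and the registered redirect URI and cookie names are assumptions for the example.

```javascript
// Added example, not from the thread or ZITADEL. Constructed layout:
//   https://auth.example.com   ZITADEL (issuer)
//   https://login.example.com  custom Auth UI (this code runs here)
//   https://app.example.com    relying party receiving the authorization code

const LOGIN_UI_ORIGIN = "https://login.example.com";

// redirect_uri values registered for the client (assumed). Compared by exact
// match after URL normalisation, as RFC 6749 section 3.1.2.3 requires; no
// prefix or wildcard matching.
const REGISTERED_REDIRECT_URIS = new Set(["https://app.example.com/callback"]);

function isAllowedRedirectUri(redirectUri) {
  let url;
  try {
    url = new URL(redirectUri);
  } catch {
    return false; // relative or malformed value
  }
  if (url.protocol !== "https:") return false; // no plaintext callbacks
  if (url.hash !== "") return false; // fragments are never part of a registered URI
  // href is the normalised form, so "/callback/../admin" or a host such as
  // "app.example.com.evil.test" cannot collide with a registered entry.
  return REGISTERED_REDIRECT_URIS.has(url.href);
}

// Origins allowed to call the UI's endpoints with credentials. The Origin
// header is echoed back only when allow-listed, never "*" with cookies.
const ALLOWED_ORIGINS = new Set([LOGIN_UI_ORIGIN]);

function corsHeadersFor(origin) {
  if (typeof origin !== "string" || !ALLOWED_ORIGINS.has(origin)) return null;
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
    "Access-Control-Allow-Headers": "Content-Type",
    Vary: "Origin", // so a cache never replays one origin's answer to another
  };
}

// Set-Cookie value for the login-flow session. The __Host- prefix makes
// browsers reject the cookie unless it is Secure, has Path=/ and carries no
// Domain attribute, so it stays host-only on login.example.com and is not
// sent to auth.example.com or app.example.com. SameSite=Lax still lets the
// browser attach it on the top-level redirect back from the issuer.
function sessionCookie(name, value, maxAgeSeconds = 600) {
  if (!/^[A-Za-z0-9_-]+$/.test(name)) throw new Error("invalid cookie name");
  if (!/^[A-Za-z0-9._~+/=-]+$/.test(value)) throw new Error("invalid cookie value");
  return [
    `__Host-${name}=${value}`,
    "Path=/",
    "Secure",
    "HttpOnly",
    "SameSite=Lax",
    `Max-Age=${maxAgeSeconds}`,
  ].join("; ");
}

// Baseline response headers for the login pages themselves.
function securityHeaders() {
  return {
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "no-referrer",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Cache-Control": "no-store",
  };
}

// Usage: evaluate one constructed request's redirect_uri and Origin.
const decision = {
  redirectOk: isAllowedRedirectUri("https://app.example.com/callback"),
  cors: corsHeadersFor("https://evil.test"),
};
console.log(decision); // { redirectOk: true, cors: null }
```

The split into subdomains is what makes the cookie decision simple: a host-only cookie on login.example.com is invisible to the issuer and to the application, so a compromise of one hostname does not hand over the login session of another, while same-site status between the subdomains keeps SameSite=Lax from breaking the redirect flow.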
Thanks!
Hey @JoseSzycho, if this helped, you can mark my answer with ✅ and it will auto-close this question.