Login V1 to Login V2
We are migrating from Login V1 to Login V2.
We are already in production with Login V1.
We have hosted Login V2 and configured our ZITADEL instance organization to redirect to the new login UI v2.
When our front app calls the "authorization":
https://idpxxx.instance.com/oauth/v2/authorize?client_id=xxxx&redirect_uri=https://webapp.xxxx.com/idp-callback
the authorize redirects correctly to the new Login V2.
We are able to authenticate, BUT after authentication, the new login v2 redirects to the IdP and does not take into account the "redirect_uri" given in the authorize parameters.
Any idea?
The redirect URL to the new login v2:
https://login.xxx.com/ui/v2/login?authRequest=V2_xxxx
and then it redirects to:
https://login.xxx.com/ui/v2/login/loginname
So the redirect_uri is not transmitted to the new login v2.
Thank you
2 Replies
OK, so it works now!
For people who will be in the same situation:
1 - Get the right ZITADEL_SERVICE_USER_TOKEN: follow the guide here: https://zitadel.com/docs/self-hosting/manage/login-client
  - The important part is to add the role to the service user (machine user) by using the URL: YOUR_ZITADEL_HOST/ui/console/instance/members (it seems the screen is not accessible from a UI menu or button)
2 - Deploy the Login UI: following this guide: https://zitadel.com/blog/how-to-self-host-zitadel-typescript-login-ui#deploying-the-custom-login-ui
  - In this guide, they tell us to create the user and assign the role... but you won't be able to do it without checking the first guide in my first point
  - You can deploy on Vercel or on your own infrastructure; if it's on your own infrastructure, remove all the "vercel" dependencies from the code
  - The custom base URL for the new login UI (in the guide it's a screenshot, so you can't know what the real base URL is)
    - I tried: https://your_login_v2_host/ -- https://your_login_v2_host/ui/v2/ -- https://your_login_v2_host/ui/v2/login
    - The right one is: https://your_login_v2_host/ui/v2/login
So the documentation is not very nice, BUT when you've understood how to configure it, THEN it works like a charm without any difference.
And you can customize the login as you want, as it's a Next.js project!
ZITADEL Docs
To enable your self-hosted Login UI to connect to the Zitadel API, it needs a token for a user with the IAM_LOGIN_CLIENT role.