Building Custom Login/Account Management
Hi,
I am trying to build a custom login and user account management app built on top of ZITADEL.
The basic requirements are as follows:
* ZITADEL only runs in the server privately
* Backend communicates with self-hosted ZITADEL on bare metal
* Frontend communicates with backend
* Backend, frontend, and ZITADEL are all under the same server
* Reverse proxy is used to map the following:
  * Frontend behind auth.example.com
  * Backend behind auth.example.com/api
* Service user created to act on requests
Here is the challenge that I can't get my head around:
ZITADEL is running locally, not using TLS or an external source, just localhost+port as it is private. In the backend I am connecting with an insecure configuration, but ZITADEL in the console shows localhost in the domain of the default org, and I would like to have it as example.com or auth.example.com.
Also, the reset password sends a URL with the localhost.
I am assuming that validating the session requires the same second-level domain example.com, whether it is foo.example.com or any subdomain. Is this configuration handled in the allowed redirect URLs settings?
Is it possible to handle registration/login by an SA and account-related actions such as a name change by the user itself, so that the logs show the actual actor?
So I would like a general setup recommendation to properly make this happen, as the docs are not very helpful.
