Zitadel Cloud instance ignores x-zitadel-public-host when setting URLs in responses
❌Unsolved☁️Zitadel Cloud🪲Bugs🔗OIDC
I am using a Zitadel Cloud instance and have implemented a custom ui per the documentation. When proxying the oidc endpoints from my ui at
So a call to get the
What is the correct way to make a Zitadel Cloud instance respond with my proxy domain instead of the instance domain when calls are made to it?
login.example.comlogin.example.com to my instance at auth.example.comauth.example.com, I set x-zitadel-public-host: login.example.comx-zitadel-public-host: login.example.com and x-zitadel-instance-host: auth.example.comx-zitadel-instance-host: auth.example.com headers before sending forwarding the request to my instance. The instance is ignoring these headers and any URLs in the responses contain the instance domain, not the ui/proxy/public host domain.So a call to get the
.well-known/openid-configuration.well-known/openid-configuration returns a response with URLs of auth.example.comauth.example.com instead of login.example.comlogin.example.com. This can easily be rewritten by nginx, however, the token response returns a token with a jwt that has the claim iss: https://auth.example.comiss: https://auth.example.com instead of iss: https://login.example.comiss: https://login.example.com.What is the correct way to make a Zitadel Cloud instance respond with my proxy domain instead of the instance domain when calls are made to it?
