Zitadel Provider
Resources
Setup
Callback URL
https://example.com/api/auth/callback/zitadel
Environment Variables
AUTH_ZITADEL_ID
AUTH_ZITADEL_SECRET
Configuration
/auth.ts
import NextAuth from "next-auth"
import Zitadel from "next-auth/providers/zitadel"

export const { handlers, auth, signIn, signOut } = NextAuth({
  providers: [Zitadel],
})
Notes
The Redirect URIs used when creating the credentials must include your full domain and end in the callback path. For example:
- For production:
https://{YOUR_DOMAIN}/api/auth/callback/zitadel
- For development:
http://localhost:3000/api/auth/callback/zitadel
Make sure to enable dev mode in the ZITADEL console to allow redirects for local development.
ZITADEL also returns an email_verified boolean property in the profile. You can use this property to restrict access to people with verified accounts.
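const options = {
  // ...other options
  callbacks: {
    async signIn({ account, profile }) {
      // `account` can be null and `profile` undefined, so guard both
      if (account?.provider === "zitadel") {
        // Allow sign-in only when ZITADEL reports the email as verified
        return profile?.email_verified === true;
      }
      return true; // Do different verification for other providers that don't have `email_verified`
    },
  },
  // ...
}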
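The same check as a pure function that fails closed, so the decision can be tested without a running Auth.js instance. This is an added example, not code from the Auth.js or ZITADEL documentation; `SignInParams`, `REQUIRE_VERIFIED_EMAIL` and `allowSignIn` are hypothetical names, and the sample inputs are constructed.

```typescript
// Added example. SignInParams, REQUIRE_VERIFIED_EMAIL and allowSignIn are
// hypothetical names; only account.provider and profile.email_verified
// come from the page.
type SignInParams = {
  account?: { provider: string } | null
  profile?: Record<string, unknown>
}

// Providers whose profile must carry email_verified === true.
const REQUIRE_VERIFIED_EMAIL = new Set(["zitadel"])

function allowSignIn({ account, profile }: SignInParams): boolean {
  // No account information means nothing to base a decision on: deny.
  if (!account) return false

  if (REQUIRE_VERIFIED_EMAIL.has(account.provider)) {
    // Strict comparison: a missing claim, null, or a truthy non-boolean
    // such as the string "false" must not count as verified.
    return profile?.email_verified === true
  }

  // Providers without `email_verified` are allowed here, as in the snippet
  // above, and need their own verification.
  return true
}

// Constructed sample inputs (not real ZITADEL responses).
const samples: Array<[string, SignInParams]> = [
  ["verified", { account: { provider: "zitadel" }, profile: { email_verified: true } }],
  ["unverified", { account: { provider: "zitadel" }, profile: { email_verified: false } }],
  ["string claim", { account: { provider: "zitadel" }, profile: { email_verified: "false" } }],
  ["claim missing", { account: { provider: "zitadel" }, profile: {} }],
  ["no profile", { account: { provider: "zitadel" } }],
  ["no account", { account: null }],
]

for (const [label, params] of samples) {
  console.log(label, "->", allowSignIn(params))
}
```

To use it, call the function from `callbacks.signIn` in the NextAuth options and return its result.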