Skip to content
Migrating from NextAuth.js v4? Read our migration guide.

Zitadel Provider

Resources

Setup

Callback URL

https://example.com/api/auth/callback/zitadel

Environment Variables

AUTH_ZITADEL_ID
AUTH_ZITADEL_SECRET

Configuration

/auth.ts
import NextAuth from "next-auth"
import Zitadel from "next-auth/providers/zitadel"
 
export const { handlers, auth, signIn, signOut } = NextAuth({
  providers: [Zitadel],
})

Notes

The Redirect URIs used when creating the credentials must include your full domain and end in the callback path. For example:

  • For production: https://{YOUR_DOMAIN}/api/auth/callback/zitadel
  • For development: http://localhost:3000/api/auth/callback/zitadel

Make sure to enable dev mode in ZITADEL console to allow redirects for local development.

ZITADEL also returns a email_verified boolean property in the profile. You can use this property to restrict access to people with verified accounts.

const options = {
  ...
  callbacks: {
    async signIn({ account, profile }) {
      if (account.provider === "zitadel") {
        return profile.email_verified;
      }
      return true; // Do different verification for other providers that don't have `email_verified`
    },
  }
  ...
}
Auth.js © Balázs Orbán and Team - 2024