🕸️

Author: quochuydev

app1/ui/components/ProfileImage.tsx

@@ -88,7 +88,7 @@ export default function ProfileImage(props: {
                     return_url: "https://app.example.local/app1",
                   });
 
-                  window.location.href = `https://auth.example.local/auth/signin/portal?${params}`;
+                  window.location.href = `https://auth.example.local/auth/signin/zitadel?${params}`;
                 }}
               >
                 + Add other account
@@ -109,7 +109,7 @@ export default function ProfileImage(props: {
                     params.set("id_token_hint", session.idToken);
                   }
 
-                  window.location.href = `https://auth.example.local/auth/signout/portal?${params}`;
+                  window.location.href = `https://auth.example.local/auth/signout/zitadel?${params}`;
                 }}
               >
                 Logout

app2/ui/Home.tsx

@@ -37,7 +37,7 @@ export default function Home() {
             return_url: "https://app.example.local/app2",
           });
 
-          window.location.href = `https://auth.example.local/auth/signin/zitadel?${params}`;
+          window.location.href = `https://auth.example.local/auth/signin/portal?${params}`;
         }}
       >
         Login
@@ -52,7 +52,7 @@ export default function Home() {
             params.set("id_token_hint", sessions[0].idToken);
           }
 
-          window.location.href = `https://auth.example.local/auth/signout/zitadel?${params}`;
+          window.location.href = `https://auth.example.local/auth/signout/portal?${params}`;
         }}
       >
         Logout

auth/app/api/auth/callback/[provider]/route.ts

@@ -21,6 +21,8 @@ async function handler(
   try {
     const code = request.nextUrl.searchParams.get("code");
     const state = request.nextUrl.searchParams.get("state");
+    const provider = params.provider;
+    if (!provider) throw new Error("provider not found");
 
     const requestCookie = cookies();
     const returnUrlCookie = requestCookie.get(returnUrlCookieName);
@@ -36,17 +38,14 @@ async function handler(
     if (stateCookie.value !== state) throw new Error("Invalid state");
 
     if (!redirectCookie) throw new Error("Redirect url cookie not found");
-    if (redirectCookie.value !== configuration.redirectUrl)
+    if (redirectCookie.value !== configuration[provider].redirectUrl)
       throw new Error("Invalid redirect url");
 
-    const provider = params.provider;
-    if (!provider) throw new Error("provider not found");
-
     const tokenParams = new URLSearchParams();
     tokenParams.append("code", code as string);
     tokenParams.append("grant_type", "authorization_code");
     tokenParams.append("client_id", configuration[provider].clientId);
-    tokenParams.append("redirect_uri", configuration.redirectUrl);
+    tokenParams.append("redirect_uri", configuration[provider].redirectUrl);
     tokenParams.append("code_verifier", codeVerifierCookie.value);
 
     const wellKnownResponse = await fetch(

auth/app/api/auth/signin/[provider]/route.ts

@@ -62,7 +62,7 @@ export async function POST(
     code_challenge: codeChallenge,
     code_challenge_method: "S256",
     client_id: configuration[provider].clientId,
-    redirect_uri: configuration.redirectUrl,
+    redirect_uri: configuration[provider].redirectUrl,
     response_type: "code",
     scope,
     state,
@@ -73,10 +73,13 @@ export async function POST(
 
   if (returnUrl) setShortLiveCookie(returnUrlCookieName, returnUrl);
   setShortLiveCookie(stateCookieName, state);
-  setShortLiveCookie(redirectUrlCookieName, configuration.redirectUrl);
+  setShortLiveCookie(
+    redirectUrlCookieName,
+    configuration[provider].redirectUrl
+  );
   setShortLiveCookie(codeVerifierCookieName, codeVerifier);
   deleteCookie(csrfTokenCookieName);
 
-  const authorizeUrl = `${wellKnown.authorization_endpoint}?${params}`;
+  const authorizeUrl = `${wellKnown.authorization_endpoint}?${requestParams}`;
   return NextResponse.json({ authorizeUrl });
 }

auth/app/api/auth/signout/[provider]/route.ts

@@ -69,7 +69,7 @@ export async function POST(
 
     if (returnUrl) setShortLiveCookie(returnUrlCookieName, returnUrl);
 
-    const endSessionUrl = `${wellKnown.end_session_endpoint}?${params}`;
+    const endSessionUrl = `${wellKnown.end_session_endpoint}?${requestParams}`;
 
     return NextResponse.json({ endSessionUrl });
   } catch (error: any) {

auth/configuration.ts

@@ -24,16 +24,19 @@ const schema = z.object({
   portal: z.object({
     clientId: z.string(),
     issuer: z.string(),
+    redirectUrl: z.string(),
   }),
   zitadel: z.object({
     clientId: z.string(),
+    redirectUrl: z.string(),
     issuer: z.string(),
   }),
-  redirectUrl: z.string(),
   postLogoutRedirectUri: z.string(),
 });
 
-const configuration = {
+type Configuration = z.infer<typeof schema>;
+
+const configuration: Configuration = {
   appUrl: "https://auth.example.local",
   domain: "example.local",
   originRegex: /^(.*\.)?(example\.local|real-domain\.com)$/,
@@ -44,12 +47,13 @@ const configuration = {
   portal: {
     issuer: "https://zitadel-login-ui-v2.vercel.app",
     clientId: "279716137237868517",
+    redirectUrl: "https://auth.example.local/api/auth/callback/portal",
   },
   zitadel: {
     issuer: "https://system-v1-fpms4l.zitadel.cloud",
     clientId: "279716137237868517",
+    redirectUrl: "https://auth.example.local/api/auth/callback/zitadel",
   },
-  redirectUrl: "https://auth.example.local/api/auth/callback",
   postLogoutRedirectUri: "https://auth.example.local/auth/signedout",
 };