- Go to your ZITADEL admin console (e.g., `https://auth.example.com`).
- Log in with your admin credentials.
- In the ZITADEL console, go to Projects.
- Click Create New Project.
- Name your project (e.g., `UniFi Voucher Site`).
- Click Create.

Now, create an application under the project you just created.

- Select your project (e.g., `UniFi Voucher Site`).
- Under Applications click Add.
- Fill in the following fields and click Continue:
  - Name: `Production`.
  - Type: `Web`.
- Select Code and click Continue.
- Fill in the following fields and click Continue:
  - Login Redirect URIs: Enter the URL of your UniFi Voucher callback (e.g., `https://voucher.example.com/oidc/callback`).
  - Logout Redirect URIs: Enter the root URL of your UniFi Voucher instance (e.g., `https://voucher.example.com`).
- Click Create to save the application.
- Save the Client ID and Client Secret shown within the popup and click Close.

Now, configure your UniFi Voucher Site to use the ZITADEL client.

- In your UniFi Voucher Site configuration, set `AUTH_OIDC_ENABLED` to `true`.
- Set the `AUTH_OIDC_CLIENT_ID` as the ClientId found within the ZITADEL popup.
- Provide the `AUTH_OIDC_CLIENT_SECRET` as the ClientSecret found within the ZITADEL popup.
- Provide the `AUTH_OIDC_ISSUER_BASE_URL` from your ZITADEL server (e.g., `https://auth.example.com/.well-known/openid-configuration`).
- Provide the `AUTH_OIDC_APP_BASE_URL` from your UniFi Voucher Site instance (e.g., `https://voucher.example.com`).
- Restart the container after these changes.
- Test the login flow from your UniFi Voucher Site. It should redirect users to ZITADEL for authentication.
- After logging in, users should be redirected back to the voucher site with tokens from ZITADEL.
- Invalid Redirect URI: Ensure the callback URI matches what is configured in ZITADEL.
- Client Secret Errors: Ensure that the client secret in both ZITADEL and your UniFi configuration match.
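
A pre-flight check for the settings and the two troubleshooting items above, as an added example that is not part of UniFi Voucher Site or ZITADEL. The function name, the sample values and the way the callback URL is derived from `AUTH_OIDC_APP_BASE_URL` are assumptions based on the example URLs in this guide.

```python
from urllib.parse import urlsplit

CALLBACK_PATH = "/oidc/callback"  # path from the example callback URL above
URL_KEYS = ("AUTH_OIDC_ISSUER_BASE_URL", "AUTH_OIDC_APP_BASE_URL")
REQUIRED = ("AUTH_OIDC_CLIENT_ID", "AUTH_OIDC_CLIENT_SECRET") + URL_KEYS


def check_oidc_config(env, login_redirects, logout_redirects):
    """Return a list of problems; an empty list means the settings line up."""
    problems = []
    if env.get("AUTH_OIDC_ENABLED") != "true":
        problems.append("AUTH_OIDC_ENABLED is not 'true'")
    for key in REQUIRED:
        value = env.get(key, "")
        if not value:
            problems.append(f"{key} is empty")
        elif value != value.strip():
            # Easy to pick up when copying from the ZITADEL popup.
            problems.append(f"{key} has leading/trailing whitespace")
    for key in URL_KEYS:
        parts = urlsplit(env.get(key, "").strip())
        if parts.scheme != "https" or not parts.netloc:
            problems.append(f"{key} is not an absolute https URL")
    base = env.get("AUTH_OIDC_APP_BASE_URL", "").strip()
    # Assumption: the site builds its callback as <app base URL>/oidc/callback
    # and sends the base URL unchanged as the post-logout redirect.
    callback = base.rstrip("/") + CALLBACK_PATH
    # Redirect URIs are compared as exact strings: a trailing slash,
    # http instead of https, or another host is a mismatch.
    if callback not in login_redirects:
        problems.append(f"{callback} is not a registered Login Redirect URI")
    if base not in logout_redirects:
        problems.append(f"{base} is not a registered Logout Redirect URI")
    return problems


# Constructed sample values; replace with your own deployment's settings.
SAMPLE_ENV = {
    "AUTH_OIDC_ENABLED": "true",
    "AUTH_OIDC_CLIENT_ID": "example-client-id",
    "AUTH_OIDC_CLIENT_SECRET": "example-client-secret",
    "AUTH_OIDC_ISSUER_BASE_URL": "https://auth.example.com/.well-known/openid-configuration",
    "AUTH_OIDC_APP_BASE_URL": "https://voucher.example.com",
}
SAMPLE_LOGIN = ["https://voucher.example.com/oidc/callback"]
SAMPLE_LOGOUT = ["https://voucher.example.com"]

if __name__ == "__main__":
    print(check_oidc_config(SAMPLE_ENV, SAMPLE_LOGIN, SAMPLE_LOGOUT) or "OK")
```

Pass the container's environment as `env` and the URIs you entered in the ZITADEL application as the two lists; each returned string names the setting to correct before restarting the container.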