Incus with Zitadel as OIDC

Trying to authenticate Incus through Zitadel for my SPA.

Zitadel
Application Type: User Agent
Response Types: Code
Authentication Method: None
Grant Types: Authorization Code, Refresh Token
Auth Token Type: JWT
+User Info inside ID Token
Redirect URIs: incus.domain/oidc/callback

Incus
oidc.issuer → “issuer” value from zitadel.domain/.well-known/openid-configuration

When I call zitadel.domain/oauth/v2/authorize?client_id=XYZ&redirect_uri=incus.domain/oidc/callback&scope=openid&response_type=code it redirects me to
incus.domain/oidc/callback, but the endpoint just returns:

failed to get state: http: named cookie not present

Ok, I think I get it. The cookies are set in the incus.domain/oidc/login endpoint, and it gets me redirected to the OIDC provider. I don’t have to trigger the auth endpoint manually.

Will this “login” endpoint be available in the future, as I read somewhere that you don’t plan to have your own “Incus UI”?

Yeah, we’re going to keep the /oidc/login, /oidc/logout and /oidc/callback endpoints.
login and logout are typically called/redirected-to by whatever Incus web UI is installed on the system (we expect our web UIs to be static HTML/JS/CSS so they’ll just use the existing endpoints for OIDC).

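The behaviour discussed in this thread, as an added example that is not part of the original posts and is not Incus's own code: a login handler binds a random `state` to the browser with a cookie, and the callback rejects any request that arrives without it, which is what happens when the authorize URL is opened by hand. The cookie name, the handlers and the `zitadel.example` host are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"net/http"
	"net/http/httptest"
)

const stateCookie = "state" // assumed cookie name, not taken from Incus

// login stands in for /oidc/login: mint a state, bind it to the browser via a cookie, redirect to the provider.
func login(w http.ResponseWriter, r *http.Request) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy: refuse to issue a guessable state
	}
	state := fmt.Sprintf("%x", b)
	http.SetCookie(w, &http.Cookie{Name: stateCookie, Value: state, Path: "/", HttpOnly: true, Secure: true})
	http.Redirect(w, r, "https://zitadel.example/oauth/v2/authorize?client_id=XYZ&response_type=code&scope=openid&state="+state, http.StatusFound)
}

// callback stands in for /oidc/callback: the state in the query must match the cookie set at login.
func callback(w http.ResponseWriter, r *http.Request) {
	c, err := r.Cookie(stateCookie)
	if err != nil {
		http.Error(w, "failed to get state: "+err.Error(), http.StatusUnauthorized)
	} else if r.URL.Query().Get("state") != c.Value {
		http.Error(w, "state does not match", http.StatusUnauthorized)
	} else {
		fmt.Fprint(w, "state ok")
	}
}

// simulate drives the callback in-process, either after a real login or with login skipped (constructed requests).
func simulate(viaLogin bool) (int, string) {
	req := httptest.NewRequest("GET", "/oidc/callback?code=abc", nil)
	if viaLogin {
		first := httptest.NewRecorder()
		login(first, httptest.NewRequest("GET", "/oidc/login", nil))
		c := first.Result().Cookies()[0]
		req = httptest.NewRequest("GET", "/oidc/callback?code=abc&state="+c.Value, nil)
		req.AddCookie(c)
	}
	rec := httptest.NewRecorder()
	callback(rec, req)
	return rec.Code, rec.Body.String()
}

func main() { fmt.Println(simulate(false)); fmt.Println(simulate(true)) }
```

The state check is what ties the authorization response to the browser session that started it, so a client should always begin at the login endpoint rather than build the authorize URL itself.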