fix: correct login callback and the logout redirect URLs in documentation

mridang · mridang · commit 61087aa917f0 · 2026-02-06T15:06:45.000+11:00
The documented callback URLs did not match the actual URLs used by Auth.js. The OAuth redirect URI should be /api/auth/callback/zitadel, not /auth/callback.
Additionally, the post-logout redirect URL in .env.example was missing the /api/auth/logout/callback path.
diff --git a/.env.example b/.env.example
@@ -44,7 +44,7 @@ ZITADEL_CLIENT_SECRET=""
 # The full URL where ZITADEL redirects the user after they have authenticated.
 # This MUST exactly match one of the "Redirect URIs" you have configured in
 # your ZITADEL application settings.
-ZITADEL_CALLBACK_URL="http://localhost:3000/auth/callback"
+ZITADEL_CALLBACK_URL="http://localhost:3000/auth/callback/zitadel"
 
 # The internal URL within your application where users are sent after a
 # successful login is processed at the callback URL.
@@ -54,5 +54,5 @@ ZITADEL_POST_LOGIN_URL="/profile"
 # The full URL where ZITADEL redirects the user after they have logged out.
 # This MUST exactly match one of the "Post Logout Redirect URIs" configured
 # in your ZITADEL application settings.
-ZITADEL_POST_LOGOUT_URL="http://localhost:3000"
+ZITADEL_POST_LOGOUT_URL="http://localhost:3000/auth/logout/callback"
 
diff --git a/README.md b/README.md
@@ -31,7 +31,7 @@ You'll need a ZITADEL account and application configured. Follow the [ZITADEL do
 
 > **Important:** Configure the following URLs in your ZITADEL application settings:
 >
-> - **Redirect URIs:** Add `http://localhost:3000/auth/callback` (for development)
+> - **Redirect URIs:** Add `http://localhost:3000/auth/callback/zitadel` (for development)
 > - **Post Logout Redirect URIs:** Add `http://localhost:3000/auth/logout/callback` (for development)
 >
 > These URLs must exactly match what your Hono application uses. For production, add your production URLs.
@@ -74,7 +74,7 @@ ZITADEL_CLIENT_SECRET="your-randomly-generated-client-secret"
 
 # OAuth callback URL where ZITADEL redirects after user authentication. This
 # MUST exactly match a Redirect URI configured in your ZITADEL application.
-ZITADEL_CALLBACK_URL="http://localhost:3000/auth/callback"
+ZITADEL_CALLBACK_URL="http://localhost:3000/auth/callback/zitadel"
 
 # URL where users are redirected after logout. This should match a Post Logout
 # Redirect URI configured in your ZITADEL application settings.

Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@ You'll need a ZITADEL account and application configured. Follow the [ZITADEL do`
`31`	`31`
`32`	`32`	`> Important: Configure the following URLs in your ZITADEL application settings:`
`33`	`33`	`>`
`34`		-> - Redirect URIs: Add `http://localhost:3000/auth/callback` (for development)
	`34`	+> - Redirect URIs: Add `http://localhost:3000/auth/callback/zitadel` (for development)
`35`	`35`	> - Post Logout Redirect URIs: Add `http://localhost:3000/auth/logout/callback` (for development)
`36`	`36`	`>`
`37`	`37`	`> These URLs must exactly match what your Hono application uses. For production, add your production URLs.`
`@@ -74,7 +74,7 @@ ZITADEL_CLIENT_SECRET="your-randomly-generated-client-secret"`
`74`	`74`
`75`	`75`	`# OAuth callback URL where ZITADEL redirects after user authentication. This`
`76`	`76`	`# MUST exactly match a Redirect URI configured in your ZITADEL application.`
`77`		`-ZITADEL_CALLBACK_URL="http://localhost:3000/auth/callback"`
	`77`	`+ZITADEL_CALLBACK_URL="http://localhost:3000/auth/callback/zitadel"`
`78`	`78`
`79`	`79`	`# URL where users are redirected after logout. This should match a Post Logout`
`80`	`80`	`# Redirect URI configured in your ZITADEL application settings.`