Runbook: Add OIDC Application

Purpose

Register a new OIDC application in Zitadel and wire it into a RavenmaskOS service.

Prerequisites

  • Access to Zitadel admin console
  • Service URL and callback/redirect URI

Procedure

Step 1: Create the application

  1. Log in to the Zitadel admin console.
  2. Select the correct project.
  3. Create a new OIDC application.
  4. Configure redirect URIs and logout redirect URIs.

Step 2: Capture client credentials

Save the Client ID and Client Secret for the service.

Step 3: Update service configuration

Update the service environment variables in ~/ravenhelm/secrets/.env and restart the service.

ssh ravenhelm@100.115.101.81 "docker restart <service>"

Verification

  • Successful login via the service UI
  • Tokens are issued by Zitadel

Rollback

Remove the app configuration and revert service environment variables to the previous values.