From 826f9cc03d2d95ce9f22c928ac729d99d5a53334 Mon Sep 17 00:00:00 2001
From: Florian Hoss <mail@florianhoss.de>
Date: Fri, 12 Apr 2024 16:19:11 +0200
Subject: [PATCH] Use zitadel again :hand:

---
 components/user.templ     |  18 +++---
 go.mod                    |  29 ++++++---
 go.sum                    |  80 ++++++++++++++++++-------
 handlers/app.handlers.go  |  23 ++------
 handlers/auth.handlers.go | 121 ++++++++------------------------------
 handlers/routes.go        |  35 +++++++----
 handlers/session.go       |  25 --------
 internal/env/env.go       |  29 +++++----
 main.go                   |  18 ++----
 views/home/home.templ     |   4 +-
 10 files changed, 157 insertions(+), 225 deletions(-)
 delete mode 100644 handlers/session.go

diff --git a/components/user.templ b/components/user.templ
index 6e7ae3e..07e36d6 100644
--- a/components/user.templ
+++ b/components/user.templ
@@ -6,7 +6,7 @@ import (
 	"strings"
 	"html/template"
 
-	"github.com/logto-io/go/core"
+	"github.com/zitadel/oidc/v3/pkg/oidc"
 )
 
 var GravatarTemplate = template.Must(template.New("gravatar").Parse("<div class=\"relative avatar rounded w-10 h-10 bg-contain bg-center bg-origin-content bg-no-repeat opacity-90\" style=\"background-image: url({{ . }})\"></div>"))
@@ -18,14 +18,12 @@ func GetGravatarURL(email string, size uint) string {
 	return string(templ.URL(gravatarURL))
 }
 
-templ User(claims *core.IdTokenClaims) {
-	<a class="dropdown tooltip" data-tip="Logout" href="/sign-out">
-		<div tabindex="0" role="button" class="flex items-center gap-2 hover:cursor-pointer opacity-80 hover:opacity-100 transition-opacity">
-			<div class="hidden md:flex flex-col items-end">
-				<div class="text-secondary text-sm font-bold whitespace-nowrap">{ claims.Name }</div>
-				<div class="text-gray-500 text-xs whitespace-nowrap">{ claims.Email }</div>
-			</div>
-			@templ.FromGoHTML(GravatarTemplate, GetGravatarURL(claims.Email, 100))
+templ User(claims *oidc.UserInfo) {
+	<div class="flex items-center gap-2 transition-opacity">
+		<div class="hidden md:flex flex-col items-end">
+			<div class="text-secondary text-sm font-bold whitespace-nowrap">{ claims.Name }</div>
+			<div class="text-gray-500 text-xs whitespace-nowrap">{ claims.Email }</div>
 		</div>
-	</a>
+		@templ.FromGoHTML(GravatarTemplate, GetGravatarURL(claims.Email, 100))
+	</div>
 }
diff --git a/go.mod b/go.mod
index 8283b06..f41c13f 100644
--- a/go.mod
+++ b/go.mod
@@ -3,33 +3,44 @@ module gitlab.unjx.de/flohoss/godash
 go 1.22
 
 require (
-	github.com/a-h/templ v0.2.648
-	github.com/alexedwards/scs/v2 v2.8.0
+	github.com/a-h/templ v0.2.663
 	github.com/caarlos0/env/v10 v10.0.0
 	github.com/go-playground/validator/v10 v10.19.0
-	github.com/logto-io/go v1.0.4
 	github.com/r3labs/sse/v2 v2.10.0
 	github.com/shirou/gopsutil v3.21.11+incompatible
+	github.com/zitadel/oidc/v3 v3.21.0
+	github.com/zitadel/zitadel-go/v3 v3.0.0-next.2
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
 	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
+	github.com/go-jose/go-jose/v4 v4.0.1 // indirect
+	github.com/go-logr/logr v1.4.1 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-ole/go-ole v1.3.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/gorilla/securecookie v1.1.2 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
+	github.com/muhlemmer/gu v0.3.1 // indirect
 	github.com/rogpeppe/go-internal v1.12.0 // indirect
+	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/tklauser/go-sysconf v0.3.13 // indirect
 	github.com/tklauser/numcpus v0.7.0 // indirect
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
-	golang.org/x/crypto v0.21.0 // indirect
-	golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8 // indirect
-	golang.org/x/net v0.23.0 // indirect
-	golang.org/x/sys v0.18.0 // indirect
+	github.com/zitadel/logging v0.6.0 // indirect
+	github.com/zitadel/schema v1.3.0 // indirect
+	go.opentelemetry.io/otel v1.25.0 // indirect
+	go.opentelemetry.io/otel/metric v1.25.0 // indirect
+	go.opentelemetry.io/otel/trace v1.25.0 // indirect
+	golang.org/x/crypto v0.22.0 // indirect
+	golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8 // indirect
+	golang.org/x/net v0.24.0 // indirect
+	golang.org/x/oauth2 v0.19.0 // indirect
+	golang.org/x/sys v0.19.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	gopkg.in/cenkalti/backoff.v1 v1.1.0 // indirect
-	gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
-	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 )
diff --git a/go.sum b/go.sum
index 2af5c5d..2ad621c 100644
--- a/go.sum
+++ b/go.sum
@@ -1,9 +1,7 @@
-github.com/a-h/templ v0.2.648 h1:A1ggHGIE7AONOHrFaDTM8SrqgqHL6fWgWCijQ21Zy9I=
-github.com/a-h/templ v0.2.648/go.mod h1:SA7mtYwVEajbIXFRh3vKdYm/4FYyLQAtPH1+KxzGPA8=
-github.com/agiledragon/gomonkey/v2 v2.10.1 h1:FPJJNykD1957cZlGhr9X0zjr291/lbazoZ/dmc4mS4c=
-github.com/agiledragon/gomonkey/v2 v2.10.1/go.mod h1:ap1AmDzcVOAz1YpeJ3TCzIgstoaWLA6jbbgxfB4w2iY=
-github.com/alexedwards/scs/v2 v2.8.0 h1:h31yUYoycPuL0zt14c0gd+oqxfRwIj6SOjHdKRZxhEw=
-github.com/alexedwards/scs/v2 v2.8.0/go.mod h1:ToaROZxyKukJKT/xLcVQAChi5k6+Pn1Gvmdl7h3RRj8=
+github.com/a-h/templ v0.2.663 h1:aa0WMm27InkYHGjimcM7us6hJ6BLhg98ZbfaiDPyjHE=
+github.com/a-h/templ v0.2.663/go.mod h1:SA7mtYwVEajbIXFRh3vKdYm/4FYyLQAtPH1+KxzGPA8=
+github.com/bmatcuk/doublestar/v4 v4.6.1 h1:FH9SifrbvJhnlQpztAx++wlkk70QBf0iBWDwNy7PA4I=
+github.com/bmatcuk/doublestar/v4 v4.6.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
 github.com/caarlos0/env/v10 v10.0.0 h1:yIHUBZGsyqCnpTkbjk8asUlx6RFhhEs+h7TOBdgdzXA=
 github.com/caarlos0/env/v10 v10.0.0/go.mod h1:ZfulV76NvVPw3tm591U4SwL3Xx9ldzBP9aGxzeN7G18=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
@@ -12,6 +10,15 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
 github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
+github.com/go-chi/chi/v5 v5.0.12 h1:9euLV5sTrTNTRUU9POmDUvfxyj6LAABLUcEWO+JJb4s=
+github.com/go-chi/chi/v5 v5.0.12/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
+github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U=
+github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
+github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
 github.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE=
 github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78=
@@ -25,16 +32,24 @@ github.com/go-playground/validator/v10 v10.19.0 h1:ol+5Fu+cSq9JD7SoSqe04GMI92cbn
 github.com/go-playground/validator/v10 v10.19.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/jarcoal/httpmock v1.3.1 h1:iUx3whfZWVf3jT01hQTO/Eo5sAYtB2/rqaUuOtpInww=
-github.com/jarcoal/httpmock v1.3.1/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
+github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
+github.com/jeremija/gosubmit v0.2.7 h1:At0OhGCFGPXyjPYAsCchoBUhE099pcBXmsb4iZqROIc=
+github.com/jeremija/gosubmit v0.2.7/go.mod h1:Ui+HS073lCFREXBbdfrJzMB57OI/bdxTiLtrDHHhFPI=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
 github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
-github.com/logto-io/go v1.0.4 h1:yErBaDjjBVYhSV+i+4dbL4aHnKJJdpixdc1FyUXCK08=
-github.com/logto-io/go v1.0.4/go.mod h1:boXm1vNHQ4ugp3LautprjGYLJ+7XybKiJrTPD0Ob1AM=
+github.com/muhlemmer/gu v0.3.1 h1:7EAqmFrW7n3hETvuAdmFmn4hS8W+z3LgKtrnow+YzNM=
+github.com/muhlemmer/gu v0.3.1/go.mod h1:YHtHR+gxM+bKEIIs7Hmi9sPT3ZDUvTN/i88wQpZkrdM=
+github.com/muhlemmer/httpforwarded v0.1.0 h1:x4DLrzXdliq8mprgUMR0olDvHGkou5BJsK/vWUetyzY=
+github.com/muhlemmer/httpforwarded v0.1.0/go.mod h1:yo9czKedo2pdZhoXe+yDkGVbU0TJ0q9oQ90BVoDEtw0=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
@@ -43,31 +58,52 @@ github.com/r3labs/sse/v2 v2.10.0/go.mod h1:Igau6Whc+F17QUgML1fYe1VPZzTV6EMCnYktE
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
 github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
+github.com/rs/cors v1.10.1 h1:L0uuZVXIKlI1SShY2nhFfo44TYvDPQ1w4oFkUJNfhyo=
+github.com/rs/cors v1.10.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
 github.com/shirou/gopsutil v3.21.11+incompatible h1:+1+c1VGhc88SSonWP6foOcLhvnKlUeu/erjjvaPEYiI=
 github.com/shirou/gopsutil v3.21.11+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/tklauser/go-sysconf v0.3.13 h1:GBUpcahXSpR2xN01jhkNAbTLRk2Yzgggk8IM08lq3r4=
 github.com/tklauser/go-sysconf v0.3.13/go.mod h1:zwleP4Q4OehZHGn4CYZDipCgg9usW5IJePewFCGVEa0=
 github.com/tklauser/numcpus v0.7.0 h1:yjuerZP127QG9m5Zh/mSO4wqurYil27tHrqwRoRjpr4=
 github.com/tklauser/numcpus v0.7.0/go.mod h1:bb6dMVcj8A42tSE7i32fsIUCbQNllK5iDguyOZRUzAY=
 github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0=
 github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
+github.com/zitadel/logging v0.6.0 h1:t5Nnt//r+m2ZhhoTmoPX+c96pbMarqJvW1Vq6xFTank=
+github.com/zitadel/logging v0.6.0/go.mod h1:Y4CyAXHpl3Mig6JOszcV5Rqqsojj+3n7y2F591Mp/ow=
+github.com/zitadel/oidc/v3 v3.21.0 h1:dvhPLAOCJQHxZq+1vqd2+TYu1EzwrHhnPSSh4nVamgo=
+github.com/zitadel/oidc/v3 v3.21.0/go.mod h1:3uCwJc680oWoTBdzIppMZQS+VNxq+sVcwgodbreuatM=
+github.com/zitadel/schema v1.3.0 h1:kQ9W9tvIwZICCKWcMvCEweXET1OcOyGEuFbHs4o5kg0=
+github.com/zitadel/schema v1.3.0/go.mod h1:NptN6mkBDFvERUCvZHlvWmmME+gmZ44xzwRXwhzsbtc=
+github.com/zitadel/zitadel-go/v3 v3.0.0-next.2 h1:w0lnLvijwQwkrUEA74loenNR9udRAaq6rccjlMSA+4U=
+github.com/zitadel/zitadel-go/v3 v3.0.0-next.2/go.mod h1:SY9IZuDw/766mwEobCX7JNwXawIQxVseo679JG1U0c0=
+go.opentelemetry.io/otel v1.25.0 h1:gldB5FfhRl7OJQbUHt/8s0a7cE8fbsPAtdpRaApKy4k=
+go.opentelemetry.io/otel v1.25.0/go.mod h1:Wa2ds5NOXEMkCmUou1WA7ZBfLTHWIsp034OVD7AO+Vg=
+go.opentelemetry.io/otel/metric v1.25.0 h1:LUKbS7ArpFL/I2jJHdJcqMGxkRdxpPHE0VU/D4NuEwA=
+go.opentelemetry.io/otel/metric v1.25.0/go.mod h1:rkDLUSd2lC5lq2dFNrX9LGAbINP5B7WBkC78RXCpH5s=
+go.opentelemetry.io/otel/trace v1.25.0 h1:tqukZGLwQYRIFtSQM2u2+yfMVTgGVeqRLPUYx1Dq6RM=
+go.opentelemetry.io/otel/trace v1.25.0/go.mod h1:hCCs70XM/ljO+BeQkyFnbK28SBIJ/Emuha+ccrCRT7I=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
-golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
-golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8 h1:aAcj0Da7eBAtrTp03QXWvm88pSyOt+UgdZw2BFZ+lEw=
-golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8/go.mod h1:CQ1k9gNrJ50XIzaKCRR2hssIjF07kZFEiieALBM/ARQ=
+golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30=
+golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
+golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8 h1:ESSUROHIBHg7USnszlcdmjBEwdMj9VUvU+OPk4yl2mc=
+golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8/go.mod h1:/lliqkxwWAhPjf5oSOIJup2XcqJaw8RGS6k3TGEc7GI=
 golang.org/x/net v0.0.0-20191116160921-f9c825593386/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
-golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
+golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
+golang.org/x/oauth2 v0.19.0 h1:9+E/EZBCbTLNrbN35fHv/a/d/mOBatymz1zbtQrXpIg=
+golang.org/x/oauth2 v0.19.0/go.mod h1:vYi7skDa1x015PmRRYZ7+s1cWyPgrPiSYRe4rnsexc8=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
-golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
+golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
@@ -76,8 +112,8 @@ gopkg.in/cenkalti/backoff.v1 v1.1.0/go.mod h1:J6Vskwqd+OMVJl8C33mmtxTBs2gyzfv7UD
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
-gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
+gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/handlers/app.handlers.go b/handlers/app.handlers.go
index 8ea6872..c02a08a 100644
--- a/handlers/app.handlers.go
+++ b/handlers/app.handlers.go
@@ -1,11 +1,9 @@
 package handlers
 
 import (
-	"log/slog"
 	"net/http"
 
-	"github.com/logto-io/go/client"
-	"github.com/logto-io/go/core"
+	"github.com/zitadel/oidc/v3/pkg/oidc"
 
 	"gitlab.unjx.de/flohoss/godash/internal/env"
 	"gitlab.unjx.de/flohoss/godash/services"
@@ -53,21 +51,10 @@ func (bh *AppHandler) appHandler(w http.ResponseWriter, r *http.Request) {
 	liveSystem := bh.systemService.GetLiveInformation()
 	weather := bh.weatherService.GetCurrentWeather()
 
-	var claims *core.IdTokenClaims
-	if bh.authHandler.sessionManager != nil {
-		logtoClient := client.NewLogtoClient(
-			bh.authHandler.logtoConfig,
-			&SessionStorage{
-				sessionManager: bh.authHandler.sessionManager,
-				write:          w,
-				request:        r,
-			},
-		)
-		c, err := logtoClient.GetIdTokenClaims()
-		if err != nil {
-			slog.Warn("cannot get id token claims", "err", err)
-		}
-		claims = &c
+	var claims *oidc.UserInfo
+	if bh.authHandler != nil {
+		authCtx := bh.authHandler.middleware.Context(r.Context())
+		claims = authCtx.UserInfo
 	}
 
 	titlePage := bh.env.Title
diff --git a/handlers/auth.handlers.go b/handlers/auth.handlers.go
index 9a1a35e..9f89d55 100644
--- a/handlers/auth.handlers.go
+++ b/handlers/auth.handlers.go
@@ -1,111 +1,36 @@
 package handlers
 
 import (
-	"net/http"
-
-	"github.com/alexedwards/scs/v2"
-	"github.com/logto-io/go/client"
-	"github.com/logto-io/go/core"
+	"context"
+	"log/slog"
+	"os"
 
 	"gitlab.unjx.de/flohoss/godash/internal/env"
+
+	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"github.com/zitadel/zitadel-go/v3/pkg/authentication"
+	openid "github.com/zitadel/zitadel-go/v3/pkg/authentication/oidc"
+	"github.com/zitadel/zitadel-go/v3/pkg/zitadel"
 )
 
-func NewAuthHandler(env *env.Config, sessionManager *scs.SessionManager) *AuthHandler {
+func NewAuthHandler(env *env.Config) *AuthHandler {
+	ctx := context.Background()
+	authN, err := authentication.New(ctx, zitadel.New(env.OIDCIssuerUrl), env.OIDCClientSecret,
+		openid.DefaultAuthentication(env.OIDCClientId, env.OIDCRedirectUri, env.OIDCClientSecret),
+	)
+	if err != nil {
+		slog.Error("zitadel sdk could not initialize", "error", err)
+		os.Exit(1)
+	}
+	mw := authentication.Middleware(authN)
+
 	return &AuthHandler{
-		logtoConfig: &client.LogtoConfig{
-			Endpoint:  env.OIDCIssuerUrl,
-			AppId:     env.OIDCClientId,
-			AppSecret: env.OIDCClientSecret,
-			Scopes: []string{
-				core.UserScopeProfile,
-				core.UserScopeEmail,
-				core.UserScopeCustomData,
-				core.UserScopeIdentities,
-				core.UserScopeRoles,
-			},
-		},
-		sessionManager:         sessionManager,
-		redirectUri:            env.OIDCRedirectUri,
-		postSignOutRedirectUri: env.OIDCPostSignOutRedirectUri,
+		authenticator: authN,
+		middleware:    mw,
 	}
 }
 
 type AuthHandler struct {
-	logtoConfig            *client.LogtoConfig
-	sessionManager         *scs.SessionManager
-	redirectUri            string
-	postSignOutRedirectUri string
-}
-
-func (ah *AuthHandler) authRequired(handler http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if ah.sessionManager == nil {
-			handler.ServeHTTP(w, r)
-			return
-		}
-		logtoClient := client.NewLogtoClient(
-			ah.logtoConfig,
-			&SessionStorage{
-				sessionManager: ah.sessionManager,
-				write:          w,
-				request:        r,
-			},
-		)
-		if !logtoClient.IsAuthenticated() {
-			http.Redirect(w, r, "/sign-in", http.StatusTemporaryRedirect)
-			return
-		}
-		handler.ServeHTTP(w, r)
-	})
-}
-
-func (ah *AuthHandler) signInHandler(w http.ResponseWriter, r *http.Request) {
-	logtoClient := client.NewLogtoClient(
-		ah.logtoConfig,
-		&SessionStorage{
-			sessionManager: ah.sessionManager,
-			write:          w,
-			request:        r,
-		},
-	)
-	signInUri, err := logtoClient.SignIn(ah.redirectUri)
-	if err != nil {
-		http.Error(w, err.Error(), http.StatusInternalServerError)
-		return
-	}
-	http.Redirect(w, r, signInUri, http.StatusTemporaryRedirect)
-}
-
-func (ah *AuthHandler) signInCallbackHandler(w http.ResponseWriter, r *http.Request) {
-	logtoClient := client.NewLogtoClient(
-		ah.logtoConfig,
-		&SessionStorage{
-			sessionManager: ah.sessionManager,
-			write:          w,
-			request:        r,
-		},
-	)
-	err := logtoClient.HandleSignInCallback(r)
-	if err != nil {
-		http.Error(w, err.Error(), http.StatusInternalServerError)
-		return
-	}
-	http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
-}
-
-func (ah *AuthHandler) signOutHandler(w http.ResponseWriter, r *http.Request) {
-	logtoClient := client.NewLogtoClient(
-		ah.logtoConfig,
-		&SessionStorage{
-			sessionManager: ah.sessionManager,
-			write:          w,
-			request:        r,
-		},
-	)
-	signOutUri, err := logtoClient.SignOut(ah.postSignOutRedirectUri)
-	if err != nil {
-		http.Error(w, err.Error(), http.StatusInternalServerError)
-		return
-	}
-	http.Redirect(w, r, signOutUri, http.StatusTemporaryRedirect)
+	authenticator *authentication.Authenticator[*openid.UserInfoContext[*oidc.IDTokenClaims, *oidc.UserInfo]]
+	middleware    *authentication.Interceptor[*openid.UserInfoContext[*oidc.IDTokenClaims, *oidc.UserInfo]]
 }
diff --git a/handlers/routes.go b/handlers/routes.go
index 8adda3f..bdb52ee 100644
--- a/handlers/routes.go
+++ b/handlers/routes.go
@@ -7,18 +7,27 @@ import (
 )
 
 func SetupRoutes(router *http.ServeMux, sse *sse.Server, appHandler *AppHandler, authHandler *AuthHandler) {
-	if authHandler.sessionManager != nil {
-		router.HandleFunc("GET /sign-in", authHandler.signInHandler)
-		router.HandleFunc("GET /sign-in-callback", authHandler.signInCallbackHandler)
-		router.HandleFunc("GET /sign-out", authHandler.signOutHandler)
+	if authHandler != nil {
+		router.Handle("GET /auth/", authHandler.authenticator)
+
+		router.Handle("GET /sse", authHandler.middleware.RequireAuthentication()(http.HandlerFunc(sse.ServeHTTP)))
+
+		fsAssets := http.FileServer(http.Dir("assets"))
+		router.Handle("GET /assets/", authHandler.middleware.RequireAuthentication()(http.StripPrefix("/assets/", fsAssets)))
+
+		fsIcons := http.FileServer(http.Dir("storage/icons"))
+		router.Handle("GET /storage/icons/", authHandler.middleware.RequireAuthentication()(http.StripPrefix("/storage/icons/", fsIcons)))
+
+		router.Handle("GET /", authHandler.middleware.RequireAuthentication()(http.HandlerFunc(appHandler.appHandler)))
+	} else {
+		router.HandleFunc("GET /sse", sse.ServeHTTP)
+
+		fsAssets := http.FileServer(http.Dir("assets"))
+		router.Handle("GET /assets/", http.StripPrefix("/assets/", fsAssets))
+
+		fsIcons := http.FileServer(http.Dir("storage/icons"))
+		router.Handle("GET /storage/icons/", http.StripPrefix("/storage/icons/", fsIcons))
+
+		router.HandleFunc("GET /", appHandler.appHandler)
 	}
-	router.Handle("GET /sse", authHandler.authRequired(http.HandlerFunc(sse.ServeHTTP)))
-
-	fsAssets := http.FileServer(http.Dir("assets"))
-	router.Handle("GET /assets/", authHandler.authRequired(http.StripPrefix("/assets/", fsAssets)))
-
-	fsIcons := http.FileServer(http.Dir("storage/icons"))
-	router.Handle("GET /storage/icons/", authHandler.authRequired(http.StripPrefix("/storage/icons/", fsIcons)))
-
-	router.Handle("GET /", authHandler.authRequired(http.HandlerFunc(appHandler.appHandler)))
 }
diff --git a/handlers/session.go b/handlers/session.go
deleted file mode 100644
index 82018ab..0000000
--- a/handlers/session.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package handlers
-
-import (
-	"net/http"
-
-	"github.com/alexedwards/scs/v2"
-)
-
-type SessionStorage struct {
-	sessionManager *scs.SessionManager
-	write          http.ResponseWriter
-	request        *http.Request
-}
-
-func NewSessionStorage(w http.ResponseWriter, r *http.Request) *SessionStorage {
-	return &SessionStorage{write: w, request: r}
-}
-
-func (s *SessionStorage) GetItem(key string) string {
-	return s.sessionManager.GetString(s.request.Context(), key)
-}
-
-func (s *SessionStorage) SetItem(key, value string) {
-	s.sessionManager.Put(s.request.Context(), key, value)
-}
diff --git a/internal/env/env.go b/internal/env/env.go
index ffa96e2..f8e247f 100644
--- a/internal/env/env.go
+++ b/internal/env/env.go
@@ -8,21 +8,20 @@ import (
 )
 
 type Config struct {
-	TimeZone                   string  `env:"TZ" envDefault:"Etc/UTC" validate:"timezone"`
-	Title                      string  `env:"TITLE" envDefault:"goDash"`
-	Port                       int     `env:"PORT" envDefault:"4000" validate:"min=1024,max=49151"`
-	Version                    string  `env:"APP_VERSION"`
-	LocationLatitude           float32 `env:"LOCATION_LATITUDE" envDefault:"48.780331609463815" validate:"latitude"`
-	LocationLongitude          float32 `env:"LOCATION_LONGITUDE" envDefault:"9.177968320179422" validate:"longitude"`
-	WeatherKey                 string  `env:"WEATHER_KEY"`
-	WeatherUnits               string  `env:"WEATHER_UNITS" envDefault:"metric"`
-	WeatherLanguage            string  `env:"WEATHER_LANG" envDefault:"en" validate:"bcp47_language_tag"`
-	WeatherDigits              bool    `env:"WEATHER_DIGITS" envDefault:"false"`
-	OIDCIssuerUrl              string  `env:"OIDC_ISSUER_URL" default:"" validate:"omitempty,url"`
-	OIDCRedirectUri            string  `env:"OIDC_REDIRECT_URI" validate:"omitempty,url"`
-	OIDCPostSignOutRedirectUri string  `env:"OIDC_POST_SIGN_OUT_REDIRECT_URI" validate:"omitempty,url"`
-	OIDCClientId               string  `env:"OIDC_CLIENT_ID,unset"`
-	OIDCClientSecret           string  `env:"OIDC_CLIENT_SECRET,unset"`
+	TimeZone          string  `env:"TZ" envDefault:"Etc/UTC" validate:"timezone"`
+	Title             string  `env:"TITLE" envDefault:"goDash"`
+	Port              int     `env:"PORT" envDefault:"4000" validate:"min=1024,max=49151"`
+	Version           string  `env:"APP_VERSION"`
+	LocationLatitude  float32 `env:"LOCATION_LATITUDE" envDefault:"48.780331609463815" validate:"latitude"`
+	LocationLongitude float32 `env:"LOCATION_LONGITUDE" envDefault:"9.177968320179422" validate:"longitude"`
+	WeatherKey        string  `env:"WEATHER_KEY"`
+	WeatherUnits      string  `env:"WEATHER_UNITS" envDefault:"metric"`
+	WeatherLanguage   string  `env:"WEATHER_LANG" envDefault:"en" validate:"bcp47_language_tag"`
+	WeatherDigits     bool    `env:"WEATHER_DIGITS" envDefault:"false"`
+	OIDCIssuerUrl     string  `env:"OIDC_ISSUER_URL" default:"" validate:"omitempty,fqdn"`
+	OIDCRedirectUri   string  `env:"OIDC_REDIRECT_URI" validate:"omitempty,url"`
+	OIDCClientId      string  `env:"OIDC_CLIENT_ID,unset"`
+	OIDCClientSecret  string  `env:"OIDC_CLIENT_SECRET,unset"`
 }
 
 var errParse = errors.New("error parsing environment variables")
diff --git a/main.go b/main.go
index c2473a6..fdf0f63 100644
--- a/main.go
+++ b/main.go
@@ -6,9 +6,7 @@ import (
 	"log/slog"
 	"net/http"
 	"os"
-	"time"
 
-	"github.com/alexedwards/scs/v2"
 	"github.com/r3labs/sse/v2"
 
 	"gitlab.unjx.de/flohoss/godash/handlers"
@@ -23,11 +21,6 @@ func main() {
 		os.Exit(1)
 	}
 
-	var sessionManager *scs.SessionManager
-	if env.OIDCIssuerUrl != "" {
-		sessionManager = scs.New()
-		sessionManager.Lifetime = 168 * time.Hour
-	}
 	router := http.NewServeMux()
 	sse := sse.New()
 	sse.AutoReplay = false
@@ -36,17 +29,16 @@ func main() {
 	w := services.NewWeatherService(sse, env)
 	b := services.NewBookmarkService()
 
-	authHandler := handlers.NewAuthHandler(env, sessionManager)
+	var authHandler *handlers.AuthHandler
+	if env.OIDCIssuerUrl != "" {
+		authHandler = handlers.NewAuthHandler(env)
+	}
 	appHandler := handlers.NewAppHandler(env, authHandler, s, w, b)
 	handlers.SetupRoutes(router, sse, appHandler, authHandler)
 
 	lis := fmt.Sprintf(":%d", env.Port)
 	slog.Info("server listening, press ctrl+c to stop", "addr", "http://localhost"+lis)
-	if sessionManager != nil {
-		err = http.ListenAndServe(lis, sessionManager.LoadAndSave(router))
-	} else {
-		err = http.ListenAndServe(lis, router)
-	}
+	err = http.ListenAndServe(lis, router)
 	if !errors.Is(err, http.ErrServerClosed) {
 		slog.Error("server terminated", "error", err)
 		os.Exit(1)
diff --git a/views/home/home.templ b/views/home/home.templ
index d8d7dc4..a0a2980 100644
--- a/views/home/home.templ
+++ b/views/home/home.templ
@@ -3,14 +3,14 @@ package home
 import (
 	"fmt"
 
-	"github.com/logto-io/go/core"
+	"github.com/zitadel/oidc/v3/pkg/oidc"
 
 	"gitlab.unjx.de/flohoss/godash/services"
 	"gitlab.unjx.de/flohoss/godash/views/layout"
 	"gitlab.unjx.de/flohoss/godash/components"
 )
 
-templ Home(title string, claims *core.IdTokenClaims, bookmarks *services.Bookmarks, static *services.StaticInformation, live *services.LiveInformation, weather *services.OpenWeather) {
+templ Home(title string, claims *oidc.UserInfo, bookmarks *services.Bookmarks, static *services.StaticInformation, live *services.LiveInformation, weather *services.OpenWeather) {
 	<section class="grid gap-10">
 		<div class="flex w-full justify-between items-center">
 			@components.Weather(weather)