- Add federated logout endpoint that clears Auth.js session AND ends
Zitadel SSO session via OIDC end_session endpoint
- Move sign-in page from /auth/signin to /login to avoid Auth.js
route conflict causing ERR_TOO_MANY_REDIRECTS
- Add callbackUrl to all signIn calls so users land on /dashboard
- Store id_token in session for federated logout id_token_hint
- Fix Zitadel healthcheck using binary ready command (no curl needed)
- Update post_logout_redirect_uri in setup script
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
