ZITADEL

ZITADEL - Identity infrastructure, simplified for you.

questions-help-bugs

product-feedback-requests

client_credentials issue

1) My company is switching to a new authorisation server; the selected server is Zitadel 2) Self hosting 3) 4.4.0 4) Nothing fancy: Java Spring Boot 3.3.0, Docker latest (4.48.0), Postman if that is even important here 5-6) OK, so I'm trying to create a client_credentials connection. I set my Spring to a certain client (screenshot 1), and I'm trying to access the general dummy method. The public one works flawlessly; the secure one? Not so much....

Login V2: gRPC call to zitadel.user.v2.UserService.ListUsers returns 403, organization scoped

Use-case: Multi tenancy PaaS Environment: Self hosting Version: 4.5.0 in beta env Hello everyone,...

session api

I am having an issue with custom UI login using the Zitadel API /v2/sessions. I am getting this error, even though I have already added the role for the user to the project

How to get history of IDP Changes from API?

Hello, is there a way to get a history of a particular IDP's (Org scoped) changes? One of our settings got changed and broke our users' login experience and I'd like to understand what changed and when. Thanks

StartIdentityProviderIntent gRPC Issue

The gRPC StartIdentityProviderIntent endpoint returns an empty response (only details field) when using service account JWT authentication, but the REST API equivalent (POST /v2/idp_intents) works perfectly with the same auth. What We Tried 1. gRPC with service account auth → Empty response 2. REST API with service account auth → Works!...

Is there a reliable/supported way to tell the Zitadel version using the API?

Usecase: I'm building a tailored Ruby SDK (with domain models, sane defaults, etc - a bit opinionated and tailored to our needs but fairly generic overall. I'm not using the official auto-generated Ruby SDK). On this project, I must know what version the Zitadel server is running, so the SDK can use the appropriate endpoints/parameters. I found out that the metrics endpoint does return the Zitadel version: ``` GET "/debug/metrics"...

Zitadel in Kubernetes and access from within the cluster

Hi! I'm trying to set up Zitadel running in Kubernetes and having trouble with domain-based instance identification. I can access the admin UI and make API calls using the external domain; all good. Now, I also want to make calls to Zitadel from within the cluster (using the ...svc.cluster.local Service endpoint) and... I'm stuck. Trying to access the internal endpoint from within a temporary pod:...

userAgent is not returned by the get sessions API

I'm using version v4.4.0, but when I call the get session API /v2/sessions/search I get sessions without userAgent.

Self-Hosted: Email Verify Redirect Problem

Hello! I’m using self-hosted ZITADEL and creating users with the /v2/users API with isVerified = false. I have an HTTP Email Provider configured, and the user receives the email verification / password initialization email correctly. The issue is the redirect after password setup: When the user follows the email verification link, they end up on the ZITADEL Console instead of my app. But when using Forgot / Reset Password, after password change the user is redirected to my web app correctly....

[Feature Parity Issue] ActionsV2 Missing External IDP Refresh Token Support

Use Case: Centralizing identities for internal + external users (supporting external IDPs like Entra), and enabling our microservices to make API calls on behalf of authenticated users. Environment: Self-hosted (privacy/security requirements) Version: recent v4 / Cloud for PoC Stack: Go microservices, gRPC architecture ...

External SAML IdP integration - multiple issues

Hello, Using Zitadel v4.2.0 - we are trying to enable an external SAML IdP. We are encountering a number of issues and the documentation doesn't seem to be helping much. The metadata has been uploaded, and the SAML is activated at the instance level. The two main issues:...

User not found - Impossible to delete - Impossible to recreate

I have some users in my zitadel instance that cannot be updated/deleted. [not_found] User could not be found (COMMAND-ugjs0upun6) [not_found] User could not be found (COMMAND-bd4ir1mblj) The user is visible with all the data in the console....

Debugging integration with external IdPs - can we log outgoing requests?

Currently using Zitadel v3.4.2 deployed with Zitadel Helm chart 8.13.4. We're currently having a lot of trouble while attempting to integrate an external idp with our Zitadel instance - and unfortunately this has been quite tricky to debug. Does Zitadel support logging outgoing requests to external IdPs? It would be very very helpful if we could: * log the redirect request from the external IdP back to Zitadel (along with whatever query parameters it sent)...

Inconsistent state when creating users in ZITADEL + local DB (NestJS + Drizzle ORM)

I’m facing an issue where a user is successfully created in ZITADEL, but the insert into my PostgreSQL database (via Drizzle ORM) fails. This leaves me with a user that exists in ZITADEL but not in my local DB. To handle this, I tried creating the user in my DB first with a status = "pending" (waiting for confirmation), then calling ZITADEL, and finally updating the status to "active"....

Whole environment is wiped? Emergency

Use-case: A fullstack project in web (Saas) Environment: Self hosting Version: 3.2.2 Stack: Using it for access and user control for authentication, using docker and Azure What you expected to happen: I was kicked out of my login with a {"error":"invalid_request","error_description":"Errors.App.NotFound"} error ...

Use login v2 UI for both Zitadel console and application and customization

Hi team, I am using the latest Zitadel Helm Chart to deploy Zitadel (v4.4.0). I have two questions: 1. Any concerns about using the default zitadel-login UI for both the Zitadel console and actual applications? 2. How to customize the text in V2 UI: https://github.com/zitadel/typescript/blob/main/locales/en.json...

Proxy external IDP identities

Is there any mechanism to have no local database/user management and instead specify external IDP identities and some regex magic on how to rewrite/reissue them as local zitadel provider identities so user@example.com might be rewritten as user@example.org but keep the SAML/OIDC content the same otherwise as provided by the external IDP? Also, is there any mechanism for limiting the trusted identities issued by an external IDP? So I can have Apple and Google issue identities, but only for specific domains so google can't issue identities managed by apple, and apple can't issue identities managed by google as a general means of preventing external idp identity spoofing when federated?...

[Self-Hosted] What is the recommended way to run ZITADEL for local development of web and mobile app

I’m struggling to run a local ZITADEL instance that works for the iOS simulator, the Android emulator, and all browsers on the web — so that I can develop my cross-platform Flutter app against it. Right now, this mainly fails because of the fixed ZITADEL_EXTERNALDOMAIN and the fixed base URIs. For local development, it shouldn’t really matter which domain I use to access the service. At the moment, the only option I see is using something like ngrok, but even then the domain changes from time to time. I also haven’t figured out how to change the LOGINV2_BASEURI in Docker Compose (or without the admin UI) if the domain changes, to be able to login again. ...

Need help with "private-key-jwt"

Hey folks, I was evaluating Zitadel for my SAAS solution. I needed some help regarding the API application under my project. I was following the steps in this link from the documentation: https://zitadel.com/docs/guides/integrate/token-introspection/private-key-jwt I created an API application under my project and selected "Private Key JWT" for authorisation. I generated the JWT based on the key, keyId and clientId that I found in a JSON file, which was downloaded when I created a key under that API application. I hit this URL "https://********.zitadel.cloud/oauth/v2/introspect" from "https://hoppscotch.io/" ...

How can I skip Sign in with ZITADEL page and land on Select account or Login Page

Hi everyone 👋, I’m currently developing a web app using Next.js 15 with NextAuth, and I’m integrating Zitadel for authentication. I’m trying to figure out how to skip the “Sign in with Zitadel” button and go directly to the “Select Account” or Login page. Am I missing something in my setup?...