ZITADEL

ZITADEL - Identity infrastructure, simplified for you.

questions-help-bugs

pre-authentication action

Hello, according to the documentation a "just-in-time" migration is possible by setting up a "pre-authentication" action (see https://zitadel.com/docs/guides/migrate/introduction#just-in-time-migration). However it is not possible to set up such an action. There is also no further documentation available about this action. Can you please elaborate how this "pre-authentication" setup is supposed to work? ...

Only getting 404 from /v2beta/projects/search in v3.2.2?

Following the docs at https://zitadel.com/docs/apis/resources/project_service_v2/project-service-list-projects The query is simply a POST to /v2beta/projects/search with a Bearer token. Grabbed from the docs. What am I missing?...

permission denied for function seq_nextval (SQLSTATE 42501)" projection=projections.notifications

Hi, my instance can't send notifications on password reset or on email verification. I have this error:
level=error msg="statement execution failed" caller="/home/runner/work/zitadel/zitadel/internal/eventstore/handler/v2/handler.go:673" error="ERROR: permission denied for function seq_nextval (SQLSTATE 42501)" projection=projections.notifications
level=info msg="process events failed" caller="/home/runner/work/zitadel/zitadel/internal/eventstore/handler/v2/handler.go:436" error="statement failed: ERROR: permission denied for function seq_nextval (SQLSTATE 42501)" projection=projections.notifications
level=error msg="statement execution failed" caller="/home/runner/work/zitadel/zitadel/internal/eventstore/handler/v2/handler.go:673" error="ERROR: permission denied for function seq_nextval (SQLSTATE 42501)" projection=projections.notifications
level=info msg="process events failed" caller="/home/runner/work/zitadel/zitadel/internal/eventstore/handler/v2/handler.go:436" error="statement failed: ERROR: permission denied for function seq_nextval (SQLSTATE 42501)" projection=projections.notifications
I have granted all on sequences to my zitadel user (he's also the owner of the sequences). After some research, I saw an error in the PostgreSQL logs before the permission denied: ```ERROR: could not obtain lock on row in relation "current_states"...

External IDP ZOHO login via Generic OIDC throwing error with parameter prompt=select_account

Use-case: We’re integrating Zoho login using Zitadel as the OIDC provider. Environment: Self-hosted Zitadel....

Assistance requested with adding custom claim with Actions V2

Use-case: we are fully integrating Zitadel with all our products, replacing the built-in custom IDP of our current platform. I'm writing this post because I am struggling to add a custom claim with Actions V2 when our users are logging in to a specific solution of ours. Environment: Zitadel Cloud Version: v3.2.2 Stack: we are using Xano for our back-end and another software solution where our customers can log in to. What you expected to happen: The OIDC part is already working, but I am struggling with Actions V2 to add another custom claim, and I would like to request some guidance here. Please note, I am a low-code/no-code kind of guy, and not a full-fledged developer, so please bear with me 😉 ...

upgrading 2.63.1 to >=2.63.2 with cockroachdb gives me errors

The problem is further explained in this GitHub post, can anyone help?

How to include a service user in IAM owner role?

Hi guys, I am just testing out Zitadel and want to implement an action (v2) to integrate with my webhook for syncing successfully registered users. For now, I have set targets and actions but the webhook is not triggered. As far as I know, if I want to test this from an API client, I need to have the IAM owner role. How can I get an IAM owner token for that or add a service user to the IAM Owner role? I think I messed up somewhere in the config because I can't export a token for my current IAM user. Please...

How do I get the PAT of the First Machine User

https://github.com/zitadel/zitadel-charts/tree/main/examples/4-machine-user I followed the guide above and I can see that the PAT was created in the console but how can I get it. It says it creates a Kubernetes secret, but I don't see it....

Get User Org Golang

How is it possible to get a requesting user's Organization metadata in Golang? Essentially, I have the bearer token after introspection and I would like to fetch the metadata on the organization. If the user is a manager on the Org this will work, but how can I set this up for, say, externally authenticated users, without manual intervention or having to call webhooks and assign permissions? Currently, we are using the actions to add this to claims, but due to the way actions 2 is working, I am wondering if it's worth doing it like that or just fetching it in the backend. Thanks!...

Self hosted vs cloud pricing and limitations

Hello, we are currently evaluating Zitadel for use within our company and plan to deploy the open-source version, self-hosted in our own infrastructure. Our main use cases are authentication via local accounts and allowing our users to connect using their own external Identity Providers (IDPs). We are trying to understand if there are any limits in the self-hosted open-source software that would require purchasing a license to surpass them. Specifically:...

Go Zitadel Client

Could it be possible that the Zitadel Go client does not include all methods from the Zitadel API? For example, I’ve been trying to create a Machine User using the Go client, but it seems the necessary methods are not available....

Cloud SQL High CPU Usage

We are using CloudSQL with postgres 15, and every day at 12:00 pm, we have a 100% CPU consumption as we can see in the first image. We saw that the queries that are consuming the most from our database are those in the second image, but this query: "select owner, created_at, "sequence", position from eventstore.push($1::eventstore.command[])" was called 15 thousand times. This query overloads our database; this is happening in our production environment every day, so we need some help ASAP. We have a 4 vCPU and 16 GB RAM of CPU and a few more than 20 organizations and 31K of users...

Change Reset Password Link

Is it possible to change the URL that the "Reset Password" link routes to?

Retrieving user roles and the shape of the data returned

I'm reading https://zitadel.com/docs/guides/integrate/retrieve-user-roles#retrieve-roles-from-the-userinfo-endpoint and implementing it in my frontend to be able to check through the urn:zitadel:iam:org:project:{projectId}:roles key(s) in my response. In one org a user has a map response like documentation shows, in another org another user has an array of two maps. Why would I be getting an array of two identical maps?...

Google SSO with Zitadel (v2.46.0)

Hello there, I have self hosted Zitadel (v2.46.0), and I want to use Google SSO for login via Zitadel, and for the newly created users I don't want them to create a password and instead directly use Google to login via Zitadel. I followed the documentation below, and it led to nowhere, I keep getting this error after user is created. Also is there no way for me to create a user without their password and without having to use requestPasswordlessRegistration as true? ...

Jobs are timed out when using extra container with cloud-sql-proxy

Hey, I am having an issue with installing this Helm chart and using a Cloud SQL database. I have set up an extra container with cloud-sql-proxy, basically just uncommented the section that was there. The problem is that the extra container keeps working after the init script in the main container has finished, so the whole job is considered to be running. After this {{ .Values.initJob.activeDeadlineSeconds }} amount of time the job is killed and marked as failed. The installation process doesn't go any further ...

COMMAND-CahN2 when migrating an existing user

I'm trying to migrate a user to Zitadel using the AddHumanUser endpoint. The user's password hash is: $scrypt$ln=15,r=8,p=3$nSiEc4X4LqdTnUE9T8E0NaW8wRpuru5LAB25ScJVD+M=$XSJ5bXrlYBNXmylT1QjFo7bqr1l0MzUsWg2iLF1+BCE= The AddHumanUser call is successful, but if I try to log in with the user and its password (using the default Zitadel login screen), I get redirected to the login with the error " An internal error occurred" and the code "COMMAND-CahN2" ...

Saml logout not working

Zitadel version: 3.2.0 (latest) Login v1 and v2 (we are using v2) Use federate logout checkbox in IDP configuration: checked Hello, we have multiple SAML IdPs registered. While the login works fine, the logout does not. ...

Intent has not succeeded

While implementing my own UI, I struggle to log in with Google.
After selecting a Google account and being redirected to the /idp/google/success page, I'm immediately redirected back to the Google account selection screen. This creates an infinite loop. I checked the logs and found the following error:...

Error when login with google

I'm using Login V2 and the TypeScript template for the custom login page. Logging in with email and password works correctly. The issue occurs when I try to log in with a Google account. After selecting the Google account and successfully logging in, I'm redirected to the /idp/google/success page, which shows a successful login message. However, immediately after that, I'm redirected again to accounts.google.com/o/oauth2/v2/auth/oauthchooseaccoun to choose a Google account. This creates an infinite loop. Could someone please help me resolve this issue? Thank you all very much in advance!...