ZITADEL

ZITADEL - Identity infrastructure, simplified for you.

Retrieving user roles and the shape of the data returned

I'm reading https://zitadel.com/docs/guides/integrate/retrieve-user-roles#retrieve-roles-from-the-userinfo-endpoint and implementing it in my frontend to be able to check through the urn:zitadel:iam:org:project:{projectId}:roles key(s) in my response. In one org a user has a map response like the documentation shows, in another org another user has an array of two maps. Why would I be getting an array of two identical maps?...

Google SSO with Zitadel (v2.46.0)

Hello there, I have self hosted Zitadel (v2.46.0), and I want to use Google SSO for login via Zitadel, and for the newly created users I don't want them to create a password and instead directly use Google to login via Zitadel. I followed the documentation below, and it led to nowhere, I keep getting this error after user is created. Also is there no way for me to create a user without their password and without having to use requestPasswordlessRegistration as true? ...

Jobs are timed out when using extra container with cloud-sql-proxy

Hey, I am having an issue with installing this Helm chart and using a Cloud SQL database. I have set up an extra container with cloud-sql-proxy, basically just uncommented the section that was there. The problem is that extra container keeps working after the init script in the main container has finished so the whole job is considered to be running. After this {{ .Values.initJob.activeDeadlineSeconds }} amount of time the job is being killed and failed. The installation process doesn't go any further ...

COMMAND-CahN2 when migrating an existing user

I'm trying to migrate a user to Zitadel using the AddHumanUser endpoint. The user's password hash is: $scrypt$ln=15,r=8,p=3$nSiEc4X4LqdTnUE9T8E0NaW8wRpuru5LAB25ScJVD+M=$XSJ5bXrlYBNXmylT1QjFo7bqr1l0MzUsWg2iLF1+BCE= The AddHumanUser call is successful, but if I try to login with the user and its password (using the default Zitadel login screen), I get redirected to the login with the error "An internal error occurred" and the code "COMMAND-CahN2" ...

Saml logout not working

Zitadel version: 3.2.0 (latest) Login v1 and v2 (we are using v2) Use federate logout checkbox in IDP configuration: checked Hello, we have multiple saml idps registered. While the login works fine, the logout does not. ...

Intent has not succeeded

On implementing my own UI I struggle to log in with Google.
After selecting a Google account and being redirected to the /idp/google/success page, I'm immediately redirected back to the Google account selection screen. This creates an infinite loop. I checked the logs and found the following error:...

Error when login with google

I'm using Login V2 and the TypeScript template for the custom login page. Logging in with email and password works correctly. The issue occurs when I try to log in with a Google account. After selecting the Google account and successfully logging in, I'm redirected to the /idp/google/success page, which shows a successful login message. However, immediately after that, I'm redirected again to accounts.google.com/o/oauth2/v2/auth/oauthchooseaccoun to choose a Google account. This creates an infinite loop. Could someone please help me resolve this issue? Thank you all very much in advance!...

[Bug]: Role deletion/update fails when role key contains a slash (/) – returns 404

The API should handle URL-encoded role keys (e.g., keys containing /) correctly. When a role key like test/abc/app is encoded as test%2Fabc%2Fapp in the URL, the server should correctly decode and process it.

Project Grant Deactivation Access Restriction

Hello, I'm looking to confirm if the following behavior is expected: Deactivating a project grant for an organization does NOT remove access to that project for all users in the organization. - If the above statement is true, is there another way to holistically remove access to a project for all users of an organization without having to deactivate every user's grant?...

Actions v2 on v3.1.0 returning [internal] An internal error occurred (QUERY-y2u7vctrha)

Upgraded recently from v2.67.2 to v3.1.0 locally on docker compose. Tried adding a target and an action. After an action was added, I started getting [internal] An internal error occurred (QUERY-y2u7vctrha) and I'm not able to see my action that was added. It's not being triggered either.

-debug vs non -debug Zitadel images on ghcr

Hi everyone, With the images Zitadel publishes on ghcr, does anyone know the difference between the -debug and non-debug flavours? For example:...

Error when connection to Zitadel console

Hi everyone, I'm getting this error when trying to connect to the admin console, any idea? Have a great day...

Event compaction / snapshotting

Hi there, is it possible to somehow prune or compact the eventstore? We've been running our self-hosted instance for a couple of years now and trying to migrate away from CockroachDB using mirror command. The problem is that it takes very long to mirror the projections (45 hours in fact) with sessions8 taking a bulk of that time. This is mostly garbage data because session TTL is set to 12h anyway and we have no use for "historical" information about sessions or auth requests. By pruning or compacting the eventstore mirror can be completed in a reasonable amount of time, which should help with downtime and the like....

How to Allow Same Google User in Multiple ZITADEL Organizations?

Hi! I'm facing an issue with Google login in ZITADEL. I have two organizations (for ArgoCD and Grafana), each with its own Google IDP configured at the org level. When I log in with the same Google account, it registers in one org but fails in the other with "User already exists" error. How can I allow the same Google user to exist across multiple orgs?...

Notifier errors since upgraded to 3.0.4

Hello! I am looking for help to understand and debug an issue I have with my Zitadel service. I recently upgraded my self-hosted Zitadel instance from 2.63.4 to 3.0.4 and since then I am getting recurring errors related to some Notifier resource. ...

Is there a GO SDK Replacement for Rest /oath/v2/token

As the question states: is there a GO SDK Replacement for REST /oath/v2/token? I looked through the documentation but it doesn't seem to be the case. I feel like I'm missing something though.

How to create action to redirect when clicking reset password.

I want to redirect the user to use a custom reset password page off of Zitadel. Is there a way to create an action that redirects the user to somewhere else? If that's not possible, how do I get the sub of the user trying to reset their password? Using the event user.human.password.code.added?

Organization with only external provider login redirecting to type in password

Hello, I created an organization and I want them only to log in via external provider like Microsoft Active Directory. The thing is that when I create a new user he gets redirected to the organization auth page and has to type in a password even if I have disabled password entry. Only if I press the back button I get redirected to the external identity. This looks uncommon for me. Shouldn't the user be directly redirected?

Locked out of instance

I've managed to lock myself out of an instance and here's how ... Requirement is to have users register with both an email address and phone number and to have on-time verification of both. So to test that I attempted to set the instance defaults to use SMS 2-Factor verification. After saving the changes I logged out of my app and when I attempt to login it now asks for my phone number which is great, but I never get the SMS code - presumably because I never set up Twilio. So I'm locked out of th...