ZITADEL

ZITADEL - Identity infrastructure, simplified for you.

Linking multiple emails

Dear everyone, my programmer has a little problem. In the old system we were able to link 2 or more email addresses together in the user profile, as we often had the situation where they want to log in with a private email but, due to the nature of our platform, also use their professional email for that, and we could link this together. Our programmer said that Zitadel is always "1 email is 1 account" so we can't do that anymore. Did someone of you have the same problem once, or how would you solve this?...

How to enable user self-registration option on login page?

This seems like a simple thing but I can't seem to figure it out. I'm using Zitadel for OAuth/OIDC apps. When the apps redirect the user to login, they are sent to /ui/login/login but it only has a Login Name field and a next button. If they aren't already registered there doesn't appear to be a way for them to register. How can I let them register if they haven't already? I've read this (https://zitadel.com/docs/guides/integrate/onboarding/end-users#built-in-register-form) but, since they're not logged in, the app wouldn't know if they are already registered and wouldn't know whether to send that prompt parameter....

Visiting sites that SSO with the same Zitadel instance

If a customer logs in from one site, can they seamlessly go between multiple sites using the same Zitadel instance for SSO without having to log in again?

How to trigger MFA init for a specific user?

I want users in my application to set up MFA (U2F, TOTP, email/SMS). However, I don't want to implement it on my own, and I'd prefer to use the existing UI that I see after first login. In other words, the ideal flow is: 1. User presses a button in my app "setup the MFA", and makes a ZITADEL API call. 2. I log user out...

Can't login …

Environment Self-hosted Version 3.3.0...

Typescript Login UI

Use-case: I want to deploy the Next.js based UI. Environment: Development env - self-hosting Version: Version 3.2.2 according to the Zitadel UI Stack: Docker Zitadel Backend and Next.js ...

Is it possible to set password change requirement without providing new/old password?

I have an admin panel with user management in which I want to set a requirement to change the password for a user, but I do not want to change the current password, and I do not know it. On the other hand, if that's not possible, can Zitadel send an email with a new password?...

I wanted to install Zitadel as self-hosted, but I can't log in.

The better explanation is on GitHub: https://github.com/zitadel/zitadel/issues/10123 Can somebody help me to start this application one time???...

Is it possible to configure IDPs via API?

Or is the Web UI always required? Our team is just evaluating Zitadel as a self-hosted authentication solution. We would need to configure Zitadel via API though. Is this possible? Because I could not find anything in the docs. In the API section I was only able to find a few GET requests.

Get org_id from UpdateHumanUser event

I'm using the Actions v2 to listen to some Requests. On my problem, I need to get the user metadata when the UpdateHumanUser is called. For getting the metadata we need to call the get user metadata endpoint. To do that we need to pass the org_id of the user in question if the caller user and the user we want the metadata from belong to a different org (usually my case). The payload from the Request we get is below. The problem is that the org_id from the payload is the org_id from the user making the call, not the user being changed. ...

How hard is passing an organization ID in the JWT?

How feasible is it to embed an organization ID directly into the JWT that Zitadel issues? Are there built-in mechanisms or recommended hooks to inject a custom org_id claim at token-issuance time? What pitfalls should I watch out for (e.g. token bloat, signature issues, claim collisions)? Use-case: Zitadel for API Authentication and authorization (user login and machine API Tokens) Environment: Self-hosting Version: Will use the latest stable...

Don't send initialization email

Hello, is it possible to disable the user initialization email? We have a case where we want to defer this as we will import a large number of users. Ideally once a user comes and enters their email to login they'll be prompted to first verify their email then reset their password. I have looked at the docs but I don't want to completely disable is_verified already? Any ideas. Cheers

FastAPI Backend + Vite React SPA frontend

I am confused if I should be creating 2 applications or 1 application for this setup. Basically I want to authenticate the user and send them an opaque token via cookie and use that for all of the auth downstream. I am not thinking of AuthZ; for AuthZ I think I'll need to reach out to something like Casbin, as Zitadel AuthZ seems more around Zitadel-specific resources and not application-specific things per se. But AuthZ is another story. This thread talks about it: https://discord.com/channels/927474939156643850/1307108134619451453/1307108134619451453 ...

Import user from keycloak

Hi everyone! I found an article in the docs about importing a user from Keycloak. https://zitadel.com/docs/guides/migrate/sources/keycloak#import-user-to-zitadel-via-zitadel-api So I think this is deprecated. It doesn't support argon2 encryption. Also the /management/v1/users/human/_import endpoint is deprecated. Is there a way to migrate users from Keycloak?...

Select Organization, Zitadel V3, Typescript Login UI, Session API

Hi team, I did quite some research on this; many of the posts / discussions / issues / messages are from a while ago where Typescript Login UI is not available. So I wanted to ask for an updated guide on how to implement organization selection in Typescript Login UI. ...

OAuth token revocation

Hi, guys! Help me understand plz. We implemented OAuth flow, everything works fine but I fail to understand the connection between session and tokens. When a user logs out, our frontend (using Zitadel lib) calls /oidc/v1/end_session. In the user_sessions table the respective session changes state from 0 to 1, and the access token becomes invalid. However the refresh token is not being revoked and I can still get an access token using it. ...

PAT Token

I want to use some of the curl-based API requests I have seen throughout the documentation in my local docker environment. Correct me if I am wrong, but the easiest way would be to create a service user and a personal access token in the ZITADEL organisation. Then, use this personal access token in the Bearer field for the requests. And which role(s) should my service user have to execute admin-level operations?

Apple Sign-In | "invalid_client"

Hello, I'm trying to set up Apple sign-in for my family, but I can't avoid the "invalid_client" error on Apple's end. I've tried regenerating everything, and adding "/form" to the end of the callback URL, and nothing works. What might I be doing wrong? Thanks!

Very slow migration (2.61.0 --> 3.3.0)

Hi team! First of all, thank you for this amazing piece of software! Really great dev experience so far. We are self-hosting Zitadel on Kubernetes. As we continue developing our application that will eventually integrate with Zitadel, we decided to update our dependencies, including Zitadel itself. We upgraded from 2.61.0 to 3.3.0. The database contains ~84,000 users....

Zitadel Database disk usage

Hello, the DB (PG) used by our Zitadel instance is consuming a lot of disk space and growing. Is there any resource that gives specific pointers on optimizations? E.g.: clean-up routines, delete old data, etc. Asking only for Zitadel-specific stuff; PG generic stuff we can handle on our own, not to waste anyone's time 😂 Thanks!...