zitadel setup times out
```
zitadel setup --masterkeyFromEnv --init-projections=true --config ../z_actions.yaml --config ../z_authn.yaml --config ../z_authz.yaml --config ../z_db.yaml --config ../z_runtime.yaml --config ../z_telemetry.yaml --config ../z_usage_control.yaml --steps ./z_initial_instance.yaml
INFO[0000] setup started caller="github.com/zitadel/zitadel/cmd/setup/setup.go:103"
...
User update via API v2 causes 405 error.
I am using v3.2.3 self-hosted.
I try to use the API and started with updating the usirinfo. According to the https://zitadel.com/docs/apis/resources/user_service_v2/user-service-update-user , it should be PATCH /v2/users/:userId
I make a PATCH request http://localhost:8080/v2/users/319291506421202948 with the following body
...
Migration failed issue
Hi, I am trying to run an example of zitadel with my own config but it doesn't work. I keep getting 2025-06-15T16:58:40.908839000Z time="2025-06-15T16:58:40Z" level=error msg="migration failed" caller="/home/runner/work/zitadel/zitadel/internal/migration/migration.go:68" error="ID=INST-9JdRe Message=Errors.Invalid.Argument" name=03_default_instance. I can provide my config is needed of course
No matching permissions found (AUTH-5mWD2)
Good day.
I am trying to set a target for an action using the action v2beta endpoint but get this error "No matching permissions found (AUTH-5mWD2)"
I am using the self hosted version and running version v3.3.0...
Create user api method
Hello everyone. Is it possible to create a human user without email in zitadel via the service api? The main identifier will be phone. I also don't need a name and a family name. In docs, there are mandatory arguments for creating user: email and in profile name and family name
is there a zitadel config generator?
something similar to these:
https://pgtune.leopard.in.ua/
https://www.digitalocean.com/community/tools/nginx
...
Configure NameID value
Hello, i'm trying to configure an SAML application that required to have email value from NameID and it's currently set with username and it's seem there is no way to replace it. Do you hve any clue to fix this behaviour ?
Using Passkey - Webauthn begin login failed WEBAU-4G8sw
Hey!
I've been trying to get PassKeys to work with Custom UI for a good while now, but I'm just getting 500 errors when following the documentation. Since we're on Discord and the question, assumption and explanation is too long, you'll find the whole message/explanation as attached as a .txt file ðŸ«
Thanks!...
unauthorized_client NextJS Frontend and Go Backend
Hello, as the title states. I have a SaaS with a golang backend with an API application, and a nextjs frontend with a PKCE application. The frontend can authenticate users normally and get the access and ID tokens, but when the access token is sent to the backend token introspection fails with the error "unauthorized_client". The same exact setup was working one day ago, what could have ruined it? I am on zitadel cloud.
mailcow & Zitadel
Hello,
im currently adding zitadel as authentification provider for my mailcow instance.
My configuration is currently the following: http://cdn.fynncraft.de/u/597aba1b-5837-46a4-b485-03a8ec10db47.png...
Kubernetes configuration to DBaaS
Hello everyone,
I'm trying to install ZITADEL in my Kubernetes cluster and connect it to an existing DBaaS (PostgreSQL).
I'm hitting a fatal error during startup:...
SAML Authnreq signiture format support
Use-case:
I would like for Zitadel to accept signing of Authnreq requests from SP other then within x509 element, like in format:
<dsig:KeyInfo>
<dsig:KeyValue>
<dsig:RSAKeyValue>...
Zitadel action on update user
hey all, I am working with zitadel 2.71.10 (self hosted) and I wanted to see if I could sync my Zitadel instance with my database. Say I update my user's name in Zitadel I would like to push this to my database. Is there an action trigger I am overlooking or would this be a custom build?
Apple Sign-In | Redirect Fix, "Invalid web redirect url"
ZITADEL redirect url: https://{your-domain}/ui/login/login/externalidp/callback
This is the link what I should have to add to the service id's redirect links field.
But I got a problem "invalid web redirect url"
One of provider put "/form" end to the url and this is the problem....
Apple Sign-in "issuer does not match" error
Hello!
when using Apple sign-in I'm getting the following error: "issuer does not match" on the login UI
looks like Apple changed their OpenID config
...
Token Exchange - complement token with email of impersonator
Hello Zitadel crew 👋
I'm working on adding impersonation to our application leveraging Zitadel, and one thing we've been doing is complementing the access token with the user email, e.g.:
```
{...
Migrating Zitadel version stuck on step47_fill_membereship_fields
Environment: I'm self hosting Zitadel with a Postgres database.
Version: Currently running 2.66.3. Trying to update to 3.2.3.
Stack: I'm running Zitadel in a Kubernetes cluster in Azure and the Postgres database also in Azure running v15.12. Since it concerns membership fields, maybe it has something to do with the custom user roles? I'm setting the ZITADEL_INTERNALAUTHZ_ROLEPERMISSIONMAPPINGS arg to add some custom user roles on top of the existing roles.
What you expected to happen: The migration runs successfully.
What went wrong: The migration seems to get stuck on the migration step=47_fill_membership_fields. The migration has currently been running for 40 minutes, repeating the same warning message. See the attached .txt...
Actions V2 Complement Token
While reading some documentation of the new Actions V2 iam wondering, if it will be still possible to create some actions to complement a token with some custom claims without creating an external service.
Will this still be possible without an external service?
https://zitadel.com/docs/guides/integrate/actions/testing-function Test Actions Response Manipulation | ZITADEL Docs...
I try to add a member to a granted project, but I keep getting an error "PROJECT-m9gKK"
I try to add a member to a granted project, but i keep getting this error:
{"code":3,"message":"Errors.Project.Grant.Member.Invalid (PROJECT-m9gKK)","details":[{"@type":"type.googleapis.com/zitadel.v1.ErrorDetail","id":"PROJECT-m9gKK","message":"Errors.Project.Grant.Member.Invalid"}]}
The user I try to add is existing and activated. I have double checked that I use the correct Project and Grant ID; and the correct Org ID is passed as a header to the POST request. I have as well checked that I don't pass any role to the request that is not valid or not existing. Any help is more than welcome. Ref to API call details: https://zitadel.com/docs/apis/resources/mgmt/management-service-add-project-grant-member...I'm confused after signing up for a cloud account with github?
I sign up with github for a free cloud account. After questions I get 5 steps. I complete 1. Create your first Instance, 2. Sign in your first instance, then I get to 3, Create your first project, which opens in a new browser window. I go though those steps which I have to create yet another account in which I add 2FA.
BUT, now Step 3 remains with an active button "Create Your Project"
HOW do I get past this step?...