ZITADEL

ZITADEL - Identity infrastructure, simplified for you.

questions-help-bugs

This is regarding cockroachdb Migration to Postgres,

My setup is done with Helm charts with the database cockroachdb. I am using zitadel mirror to migrate to cockroachdb to postgres. I am using a secure cockroachdb deployed with Helm charts, and it's done in an AKS environment. I am doing it like this: I have port-forwarded both cockroachdb and postgresql, ...

User invalid email (local host) (docker-compose)

I try to set up zitadel locally with docker and next-auth v5. But every time I run the container, zitadel fails to run because of the user email. This is the error...

ListUserMetadata

Here is my code: const userService: Client<typeof UserService> = await createServiceForHost( UserService, serviceUrl, );...

How to troubleshoot issues regarding not finding user record on external authentication?

Currently we are using Zitadel v2.41.14. We have successfully configured the EntraID SAML provider using this documentation https://zitadel.com/docs/guides/integrate/identity-providers/azure-ad-saml . On first login, it works fine, as the user gets created automatically. However, when the user logs in again, it seems it doesn't find the matching identity provider record, so it tries to create it again automatically, but it fails because the record already exists. What could be wrong in my config? Or, is there a way or a specific log I can try to find to understand what is the root cause of this issue?...

Entra ID AADSTS50011

Following step by step the steps here: https://zitadel.com/docs/guides/integrate/identity-providers/azure-ad-saml#configure-basic-saml-configuration I am getting an error from microsoft: ``` Request Id: 2b7ddaae-f4f4-42b5-8024-778566a40800 Correlation Id: 27cd7246-2d6d-4ca9-a4ad-7ca6ee704bd5...

"Signature validation failed" issue on first log in of the day (.NET)

I am using Zitadel as basic Oidc provider in a .net Core 8 app. Sometimes - usually on first login of the day, I get the error below. Subsequent logins will work fine after that: ----------- SecurityTokenSignatureKeyNotFoundException: IDX10503: Signature validation failed. The token's kid is: '331015965120704997', but did not match any keys in TokenValidationParameters or Configuration. Keys tried: 'Microsoft.IdentityModel.Tokens.RsaSecurityKey, KeyId: '330867128917864933', InternalId: 'eEY5cloHV5xw41nhCphXeR0cak5ePU8YYMXQzfSHtUc'. , KeyId: 330867128917864933...

**Subject: Issue Retrieving and Assigning Custom Project Roles via API**

ZITADEL distinguishes between: Project Roles: These are the custom roles you define within a specific project (like "ADMIN1", "SUPPORT"). They are keys that represent a set of permissions relevant to your application's logic. You create these at management/v1/projects/{projectId}/roles. Project Members / User Grants: This is where you assign a specific user (from your organization or a granted organization) one or more of these defined Project Roles for a given project. When a user is assigned a role in a project, it's essentially a "user grant."...

Post auth log example not working

Hi, I tried to use the post auth log example here with Zitadel v4.0.0-rc.2 https://github.com/zitadel/actions/blob/main/examples/post_auth_log.js however nothing shows up in the logs. Tried with both text format and json, and enabled the debug level logging. ``` Log:...

Migrations stuck projections.users14 when upgrading to 2.70.*

Hi, I have recently attempted to upgrade from v2.61.0 to either v2.70.14 or v2.71.13 to get the fix for "permission checks on session API (17f033f)". Unfortunately, I am having some troubles: - level=info msg="projection is prefilling" caller="/home/runner/work/zitadel/zitadel/internal/eventstore/handler/v2/handler.go:83" projection=projections.users14 and then...

How are you dealing with growing eventstore size?

I'm currently working with self-hosted Zitadel at one of the projects. As for now we are running v2 major release and have some issues with eventstore size - it'd reached 300 GiB and growing. Currently we start to cleanup some of old events we're not interested at (access and refresh token issue, for example) by smth like cron job, but this seems to be dirty hack and not the actual solution. Moreover, size of eventstore starts to affect Zitadel performance on long reads for some APIs. AFAIK there is no docs or guides how to deal with eventstore size when it reaches out, so it'll be nice to have one as official solution after we discuss it here...

Slowdowns using Login V2

We have been attempting to migrate to the new Login V2. We built a nextjs app based off of https://github.com/zitadel/typescript and have heavily customized it and self hosted it for our own purposes. The problem is, whenever we turn it on our hosted zitadel instances start to experience major slowdowns. I know it is the zitadel instance and not the nextjs login portal because going to the zitadel dashboard itself is extremely slow during these moments as well. We are on v3.3.2 according to the dashboard the last time we experienced this. We only see it on our production instance with its much higher traffic. In our staging instance things seem to work fine for the most part. I can give you timestamps of when the slowdowns happened to us last Thursday if that helps. The only thing I can think of is that when using LoginV2 we end up hitting the management API far more than otherwise. Any help would be much appreciated. Thank you....

Will OpenAPI swagger docs continue to be maintained?

We have recently started migrating to using a typescript axios client to communicate with the zitadel backend that is generated off of the Swagger docs hosted here https://zitadel.cloud/openapi/v2/swagger/v2/zitadel/zitadel/. But I just noticed in the release notes for v4 the following:
GRPC APIs with ConnectRPC
All new v2 APIs will exclusively leverage gRPC with ConnectRPC, discontinuing support for OpenAPI 2.0 for new endpoints. This ensures a robust, high-performance, and future-proof integration experience.
...

Integrating zitadel into a gitlab ci pipeline, problem with admin login for setup

Hi, I'm trying to integrate zitadel into a gitlab's ci pipeline to be used in tests, and I'm hitting a problem of "admin login for the initial setup". For local development everything is fine, since I can do PAT/Machinekey generation and access it with mounted volumes. But for gitlab that strategy doesn't work - I can not access the fs of the service. I thought that I could use the username/password of the firstinstance user, but Zitadel does not support Resource Owner Password Credentials....

Microsoft IdP Login Fails: Missing given_name Causes Validation Error

Hello, I'm setting up Microsoft as an Identity Provider for my app using Zitadel. I followed all the documentation, and login is successful, but right after that, I run into this error: [invalid_argument] invalid AddHumanUserRequest.Profile: embedded message failed validation | caused by: invalid SetHumanProfile.GivenName: value length must be between 1 and 200 runes, inclusive. Even though I have added given_name as a claim in the token configuration of my Azure App Registration, it seems like it might be missing or empty in the token being returned. Can anyone help me identify why this might be happening or suggest a workaround? Maybe creating an action to map name to given_name can fix this (not sure if possible)?...

I've set up Google login and disabled user\password. How to login to admin account?

Hey all, I am self hosting Zitadel\Netbird and I have set up google login successfully. I also disabled local login to the Netbird org. This combination won't allow to login using the admin account (user\pass is disabled)...

Recommended API for adding/searching organization domains on v3

Hello Zitadel crew 👋 It looks like the endpoints for adding and searching domains were deprecated on v3. What endpoint should I be using instead (on v3)? Related endpoints: - https://zitadel.com/docs/apis/resources/mgmt/management-service-add-org-domain...

Whitelabelling: Default redirect URI not working for Organization?

Hello, we have a situation where we have app.oursite.com -> Our app login.app.oursite.com -> Our default login ...

limit self registration to org email?

is it possible so that only people with a @mysuperdomain.tld email can register in the organization mysuperdomain.tld ?

Setting up Project and App from zero using Terraform Provider (Docker Compose)

I'm using the ZITADEL Docker Compose setup to develop locally, which I have set up roughly as documented at https://zitadel.com/docs/self-hosting/deploy/compose. Instead of having to log in onto the user interface, changing admin password, creating a project and apps, I want to configure the ZITADEL service in an automated fashion, e.g. using the Terraform Provider. https://zitadel.com/docs/guides/manage/terraform-provider The documentation says, I need a "service user with enough authorization" to get started. IIUC, this means that I have to log in first and create such a service account using the human admin user (which is clearly what I want to avoid)....

Create Action Target/Execution via Terraform Provider

I would like to create an Action Target and an Action Execution with Terraform when provisioning a Zitadel instance. I saw that this is possible via the v2beta API, but the Terraform provider seems to be missing it. Are there plans with the release of v4 to include this in Terraform?...