ZITADEL

ZITADEL - Identity infrastructure, simplified for you.

Project Grant Deactivation Access Restriction

Hello, I'm looking to confirm if the following behavior is expected: Deactivating a project grant for an organization does NOT remove access to that project for all users in the organization. - If the above statement is true, is there another way to holistically remove access to a project for all users of an organization without having to deactivate every user's grant?...

Actions v2 on v3.1.0 returning [internal] An internal error occurred (QUERY-y2u7vctrha)

Upgraded recently from v2.67.2 to v3.1.0 locally on docker compose. Tried adding a target and an action. After an action was added, I started getting [internal] An internal error occurred (QUERY-y2u7vctrha) and I'm not able to see my action that was added. It's not being triggered either.

-debug vs non -debug Zitadel images on ghcr

Hi everyone, With the images Zitadel publishes on ghcr, does anyone know the difference between the -debug and non-debug flavours? For example:...

Error when connection to Zitadel console

Hi everyone, I'm getting this error when trying to connect to the admin console, any idea? Have a great day...

Event compaction / snapshotting

Hi there, is it possible to somehow prune or compact the eventstore? We've been running our self-hosted instance for a couple of years now and trying to migrate away from CockroachDB using mirror command. The problem is that it takes very long to mirror the projections (45 hours in fact) with sessions8 taking a bulk of that time. This is mostly garbage data because session TTL is set to 12h anyway and we have no use for "historical" information about sessions or auth requests. By pruning or compacting the eventstore, mirror can be completed in a reasonable amount of time, which should help with downtime and the like....

How to Allow Same Google User in Multiple ZITADEL Organizations?

Hi! I'm facing an issue with Google login in ZITADEL. I have two organizations (for ArgoCD and Grafana), each with its own Google IDP configured at the org level. When I log in with the same Google account, it registers in one org but fails in the other with "User already exists" error. How can I allow the same Google user to exist across multiple orgs?...

Notifier errors since upgraded to 3.0.4

Hello! I am looking for help to understand and debug an issue I have with my Zitadel service. I recently upgraded my self-hosted Zitadel instance from 2.63.4 to 3.0.4 and since then I am getting recurring errors related to some Notifier resource. ...

Is there a GO SDK Replacement for Rest /oath/v2/token

As the question states: is there a GO SDK Replacement for REST /oath/v2/token? I looked through the documentation but it doesn't seem to be the case. I feel like I'm missing something though.

How to create action to redirect when clicking reset password.

I want to redirect the user to use a custom reset password page off of zitadel. Is there a way to create an action that redirects the user to somewhere else? If that's not possible, how do I get the sub of the user trying to reset their password? Using the event user.human.password.code.added?

Organization with only external provider login redirecting to type in password

Hello, I created an organization and I want them only to log in via external provider like Microsoft Active Directory. The thing is that when I create a new user he gets redirected to the organization auth page and has to type in a password even if I have disabled password entry. Only if I press the back button I get redirected to the external identity. This looks uncommon to me. Shouldn't the user be directly redirected?

Store Password

Hi all, can anyone confirm whether it is possible for us to store a user without a password and use that user? I am using Google IDP, so I don't want to store the password in zitadel....

is it possible to make auto-renewal of refresh token lifetime?

For example, if I make a request to update my access token, our backend can check how long the refresh token has left to live. If it has less than 1 week, we make a request to extend the time of this token.

Locked out of instance

I've managed to lock myself out of an instance and here's how ... Requirement is to have users register with both an email address and phone number and to have on-time verification of both. So to test that I attempted to set the instance defaults to use SMS 2-Factor verification. After saving the changes I logged out of my app and when I attempt to log in it now asks for my phone number which is great, but I never get the SMS code - presumably because I never set up Twilio. So I'm locked out of th...

Flaky error from /oauth/v2/token

Latest Self-hosted version that has been tested: v2.71.6 Behavior not present in (at least) v2.58.3 In some of my integration tests, I am finding that the /oauth/v2/token endpoint is returning a flaky error. ...

Self Hosted Azure Container Apps - "Database "zitadel" already exists"

Hey folks, I'm currently trying to deploy both Zitadel and Postgres out to an Azure Container App Environment as part of a PoC. I am able to deploy both containers to the environment using Terraform, however, when the Zitadel container executes the defined start-init command, I get logs stating that the Zitadel database already exists. I also get logs stating that certain aspects of Zitadel's config exist too (roles for example) before the container ultimately hangs. As I am just proving out elements of deployment, I'm deploying both to the same container app environment, both are freshly deployed each time, and I'm using env vars instead of config files. There are no volumes being mounted for the db container, as well as no sidecars or init containers. Initial thinking was maybe two zitadel containers were triggering the same init process on my single postgres instance, but after forcing just a single replica with a single container across both I still see the same issue. I have attached the terraform I'm using (obfuscating anything relating to my azure subscription) for reference, as well as the log messages I'm seeing for both the postgres container and zitadel container. Fully anticipate I'm doing something daft, so any help is greatly appreciated! (I'm also able to run the stack locally using compose, it's just when I deploy to Azure it's giving me errors.)...

Domain discovery with identity provider flow

How it works now: 1. User opens login page which uses default organization's settings of company A with IDP options of A 2. Enters his email of company B -- here Zitadel determines user's organization by domain in email. 3. Enters password...

GetUserGrantByID for granted projects not working

Hello, I am trying to get the user roles from a user but it's not working. I am using the GetUserGrantByID call. I give to the call the userid and the resourceId of the project but all I get is: {"Status(StatusCode="NotFound", Detail="User grant not found (QUERY-wIPkA)")"} The user has roles in this project for sure. What am I doing wrong?...

Can I move Users from OrgA to OrgB.

Hello, is it possible to move Users from OrgA to OrgB and keep the id and everything, roles etc.?

Creating local user in Zitadel V3

Hey, so I recently upgraded to V3. Everything is well, however, when I create a local user in a specific organization, the user is still only created in the default org. Why's this? And how can I make it so it’s created in the specified organization? Since there is also no way to move a user to a different org.