ZITADEL - Identity infrastructure, simplified for you.


questions-help-bugs

product-feedback-requests

Is it possible to configure IDPs via API?

Or is the Web UI always required? Our team is just evaluating Zitadel as a self-hosted authentication solution. We would need to configure Zitadel via API though. Is this possible? I could not find anything in the docs. In the API section I was only able to find a few GET requests.

Get org_id from UpdateHumanUser event

I'm using the Actions v2 to listen to some requests. For my problem, I need to get the user metadata when UpdateHumanUser is called. For getting the metadata we need to call the get user metadata endpoint. To do that we need to pass the org_id of the user in question if the caller user and the user we want the metadata from belong to different orgs (usually my case). The payload from the request we get is below. The problem is that the org_id from the payload is the org_id of the user making the call, not of the user being changed. ...

How hard is passing an organization ID in the JWT?

How feasible is it to embed an organization ID directly into the JWT that Zitadel issues? Are there built-in mechanisms or recommended hooks to inject a custom org_id claim at token-issuance time? What pitfalls should I watch out for (e.g. token bloat, signature issues, claim collisions)? Use-case: Zitadel for API Authentication and authorization (user login and machine API Tokens) Environment: Self-hosting Version: Will use the latest stable...
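The standard way to get an organisation into a ZITADEL token is not a custom claim hook but the reserved scope urn:zitadel:iam:user:resourceowner, which makes ZITADEL add the user's resource-owner claims (urn:zitadel:iam:user:resourceowner:id, :name, :primary_domain) to the ID token and userinfo. The following is an added example, not code from the post or from ZITADEL, showing the authorization request that asks for those claims and a server-side check that reads them; the authorization endpoint path /oauth/v2/authorize and the sample claims are assumptions for illustration, and the claims dict must come from a token whose signature, issuer, audience and expiry were already verified.

```python
from urllib.parse import urlencode

# Reserved ZITADEL scopes and claim names (as documented by ZITADEL).
RESOURCE_OWNER_SCOPE = "urn:zitadel:iam:user:resourceowner"
ORG_ID_CLAIM = "urn:zitadel:iam:user:resourceowner:id"
ORG_NAME_CLAIM = "urn:zitadel:iam:user:resourceowner:name"
ORG_DOMAIN_CLAIM = "urn:zitadel:iam:user:resourceowner:primary_domain"


def authorize_params(client_id, redirect_uri, state, nonce, pin_org_id=None):
    """Query parameters for the authorization request.

    RESOURCE_OWNER_SCOPE asks ZITADEL to add the user's organisation claims
    to the ID token and userinfo; pin_org_id additionally restricts the login
    to members of that organisation (reserved scope urn:zitadel:iam:org:id:<id>).
    """
    scopes = ["openid", "profile", "email", RESOURCE_OWNER_SCOPE]
    if pin_org_id:
        scopes.append(f"urn:zitadel:iam:org:id:{pin_org_id}")
    return {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,   # CSRF binding for the callback
        "nonce": nonce,   # replay binding for the ID token
    }


def authorize_url(issuer, **kwargs):
    # Endpoint path assumed here; real code reads it from
    # <issuer>/.well-known/openid-configuration.
    query = urlencode(authorize_params(**kwargs))
    return f"{issuer.rstrip('/')}/oauth/v2/authorize?{query}"


def org_from_claims(claims, expected_org_id=None):
    """Extract the organisation from already-verified token claims.

    Only reads and checks the org claim; signature/iss/aud/exp validation
    must happen before this is called.
    """
    org_id = claims.get(ORG_ID_CLAIM)
    if not org_id:
        raise ValueError("no resource owner claim: request RESOURCE_OWNER_SCOPE")
    if expected_org_id is not None and org_id != expected_org_id:
        raise PermissionError("token was issued for a different organisation")
    return {
        "id": org_id,
        "name": claims.get(ORG_NAME_CLAIM),
        "domain": claims.get(ORG_DOMAIN_CLAIM),
    }


if __name__ == "__main__":
    print(authorize_url("https://auth.example.com", client_id="abc",
                        redirect_uri="https://app.example.com/cb",
                        state="s", nonce="n", pin_org_id="org-1"))
    # Constructed sample claims, not a real token payload.
    sample = {"sub": "1", ORG_ID_CLAIM: "org-1", ORG_NAME_CLAIM: "Acme"}
    print(org_from_claims(sample, expected_org_id="org-1"))
```

Because the claim is set by ZITADEL itself it is covered by the token signature, so there is no signature or collision problem; the cost is three extra URN-named claims per token. The same claims appear for machine users (JWT profile or PAT), so an API can authorise on the org claim uniformly for humans and service accounts.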

Don't send initialization email

Hello, is it possible to disable the user initialization email? We have a case where we want to defer this as we will import a large number of users. Ideally, once a user comes and enters their email to log in, they'll be prompted to first verify their email, then reset their password. I have looked at the docs but I don't want to completely disable is_verified already. Any ideas? Cheers

Fast API Backend + Vite React SPA frontend

I am confused whether I should be creating 2 applications or 1 application for this setup. Basically I want to authenticate the user and send them an opaque token via cookie and use that for all of the auth downstream. I am not thinking of AuthZ; for AuthZ I think I'll need to reach out to something like casbin, as Zitadel AuthZ seems more around Zitadel-specific resources and not application-specific things per se. But AuthZ is another story. This thread talks about it: https://discord.com/channels/927474939156643850/1307108134619451453/1307108134619451453 ...

Import user from keycloak

Hi everyone! I found an article in the docs about importing a user from Keycloak. https://zitadel.com/docs/guides/migrate/sources/keycloak#import-user-to-zitadel-via-zitadel-api So I think this is deprecated. It doesn't support argon2 encryption. Also the /management/v1/users/human/_import endpoint is deprecated. Is there a way to migrate users from Keycloak?...

Select Organization, Zitadel V3, Typescript Login UI, Session API

Hi team, I did quite some research on this; many of the posts / discussions / issues / messages are from a while ago when the Typescript Login UI was not available. So I wanted to ask for an updated guide on how to implement organization selection in the Typescript Login UI. ...

OAuth token revocation

Hi, guys! Help me understand please. We implemented the OAuth flow, everything works fine but I fail to understand the connection between session and tokens. When the user logs out, our frontend (using the Zitadel lib) calls /oidc/v1/end_session. In the user_sessions table the respective session changes state from 0 to 1, and the access token becomes invalid. However the refresh token is not being revoked and I can still get an access token using it. ...
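end_session terminates the browser session; a refresh token is a separate credential and is revoked through the RFC 7009 revocation endpoint, which ZITADEL exposes at /oauth/v2/revoke. The block below is an added example (not code from the post or from ZITADEL's SDK) of a logout that revokes the refresh token, then the access token, before redirecting to end_session. The endpoint paths are assumed from ZITADEL's documented issuer layout, the HTTP transport is injected as a `send` callable so the logic can be exercised without a server, and RFC 7009 semantics are used: HTTP 200 means the token is now invalid (including the case where it already was).

```python
import base64
from urllib.parse import urlencode
from urllib.request import Request

# Endpoint paths relative to the issuer (assumed; confirm against the discovery document).
REVOKE_PATH = "/oauth/v2/revoke"
END_SESSION_PATH = "/oidc/v1/end_session"


def end_session_url(issuer, id_token_hint, post_logout_redirect_uri, state=None):
    """Browser redirect that ends the ZITADEL session (does not touch tokens)."""
    params = {"id_token_hint": id_token_hint,
              "post_logout_redirect_uri": post_logout_redirect_uri}
    if state:
        params["state"] = state
    return f"{issuer.rstrip('/')}{END_SESSION_PATH}?{urlencode(params)}"


def build_revoke_request(issuer, client_id, token, token_type_hint="refresh_token",
                         client_secret=None):
    """RFC 7009 revocation request for one token.

    Public clients (SPA, PKCE) identify with client_id in the body; confidential
    clients use HTTP Basic with client_id:client_secret instead.
    """
    body = {"token": token, "token_type_hint": token_type_hint}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if client_secret is None:
        body["client_id"] = client_id
    else:
        creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
        headers["Authorization"] = f"Basic {creds}"
    return Request(issuer.rstrip("/") + REVOKE_PATH,
                   data=urlencode(body).encode(), headers=headers, method="POST")


def logout(issuer, client_id, refresh_token, access_token, send, client_secret=None):
    """Revoke the refresh token first (the long-lived credential), then the access token.

    send(request) -> HTTP status. Per RFC 7009 the server answers 200 when the token
    is invalid afterwards, whether it revoked it now or it was already invalid; the
    server SHOULD also revoke access tokens issued from the same grant as the
    refresh token, so the second call is belt and braces.
    """
    done = {}
    for hint, tok in (("refresh_token", refresh_token), ("access_token", access_token)):
        if not tok:
            continue
        status = send(build_revoke_request(issuer, client_id, tok, hint, client_secret))
        if status != 200:
            raise RuntimeError(f"revocation of {hint} failed with HTTP {status}")
        done[hint] = True
    return done


if __name__ == "__main__":
    import urllib.error, urllib.request

    def http_send(req):
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                return resp.status
        except urllib.error.HTTPError as e:
            return e.code

    # Placeholder values; real tokens come from the token response.
    issuer, cid = "https://auth.example.com", "my-client-id"
    print(logout(issuer, cid, "REFRESH_TOKEN", "ACCESS_TOKEN", http_send))
    print(end_session_url(issuer, "ID_TOKEN", "https://app.example.com/"))
```

Run the revocation from the backend or the SPA before the redirect to end_session, and discard the tokens locally regardless of the result; a logout that only ends the session leaves a usable refresh token wherever it was stored.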

PAT Token

I want to use some of the curl-based API requests I have seen throughout the documentation in my local docker environment. Correct me if I am wrong, but the easiest way would be to create a service user and a personal access token in the ZITADEL organisation. Then, use this personal access token in the Bearer field for the requests. And which role(s) should my service user have to execute admin-level operations?

Apple Sign-In | "invalid_client"

Hello, I'm trying to set up Apple sign-in for my family, but I can't avoid the "invalid_client" error on Apple's end. I've tried regenerating everything, and adding "/form" to the end of the callback URL, and nothing works. What might I be doing wrong? Thanks!

Very slow migration (2.61.0 --> 3.3.0)

Hi team! First of all, thank you for this amazing piece of software! Really great dev experience so far. We are self-hosting Zitadel on Kubernetes. As we continue developing our application that will eventually integrate with Zitadel, we decided to update our dependencies, including Zitadel itself. We upgraded from 2.61.0 to 3.3.0. The database contains ~84,000 users....

Zitadel Database disk usage

Hello, the DB (PG) used by our Zitadel instance is consuming a lot of disk space and growing. Is there any resource that gives specific pointers on optimizations? e.g. clean-up routines, deleting old data, etc. Asking only for Zitadel-specific stuff; PG-generic stuff we can handle on our own, not to waste anyone's time 😂 Thanks!...

Each organisation with its own custom domain

I wanted to know if, with Zitadel self-hosted, it is possible to have org1.mydomain.ch and org2.mydomain.ch with their associated branding (with zitadel.mydomain.ch as EXTERNALDOMAIN). I've tested different configurations according to the documentation, but adding a domain to a self-hosted instance doesn't work at all, whether it's the v1 or v2 API. ...

Postgres 16 --> 17 Documentation

Hi folks. Home user here who's slowly learning how to self-host things over the past couple of months. I went to update my Zitadel docker container today, and noticed that on the latest compose.yaml deployment example, we now use postgres 17. My existing setup uses postgres 16 from when I first created the container back in March of this year. Is there any documentation on how to migrate from v16 to v17? I've looked through release notes, this server, github issues etc. but can only find issues relating to the old cockroach migration....

V2 api self organization create flow is not working correctly

Hi Team, we are currently migrating to the V2 API. We are experiencing some strange behaviour when a customer wants to sign up for our system. When a new customer wants to sign up we redirect them to: /ui/login/register/org. The customer fills in all the information and can then sign in. ...

Deleting Bulk Users

Hey @Rajat, I need to clean up unwanted/unused users created in Zitadel. It is actually a 3-digit count, which means manually deleting each user will be a difficult and time-consuming process. I directly accessed the DB and deleted the users with a certain key using a DB query, but I can still see those users listed in the console. By searching I got to know that, as Zitadel is event-based, they will be displayed based on the events. This DB query check I have done in another instance, not in the actual instance. Is there any way to handle this?...
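ZITADEL's eventstore is the source of truth and the tables the console reads are projections rebuilt from it, so deleting projection rows does not remove a user and the rows come back; the supported way to remove users in bulk is one API delete per user, which appends the removal event. The block below is an added example, not code from the post or from ZITADEL, that also illustrates the PAT question above: requests carry the service user's personal access token as a Bearer header, and that service user needs a role that includes user deletion (ORG_OWNER for one organisation, IAM_OWNER for admin-level operations). The DELETE /v2/users/{userId} endpoint path is assumed from the v2 user service, the HTTP transport is injected as `send` so the flow can be checked without a server, and `apply=False` is a dry run that only lists what would be deleted.

```python
from urllib.parse import quote
from urllib.request import Request

# Assumed endpoint: DELETE /v2/users/{userId} of the ZITADEL user service v2.
USER_V2_PATH = "/v2/users/"


def build_delete_request(base_url, pat, user_id):
    """One DELETE request, authenticated with the service user's PAT."""
    if not user_id:
        raise ValueError("empty user id")
    return Request(
        f"{base_url.rstrip('/')}{USER_V2_PATH}{quote(user_id, safe='')}",
        headers={"Authorization": f"Bearer {pat}", "Accept": "application/json"},
        method="DELETE",
    )


def delete_users(base_url, pat, user_ids, send, apply=False):
    """Delete users through the API, one request each, and report per id.

    send(request) -> HTTP status code. With apply=False nothing is sent and the
    de-duplicated ids are returned under "planned" for review before the real run.
    """
    outcome = {"planned": [], "deleted": [], "not_found": [], "failed": []}
    for uid in dict.fromkeys(user_ids):          # de-duplicate, keep order
        req = build_delete_request(base_url, pat, uid)
        if not apply:
            outcome["planned"].append(uid)
            continue
        status = send(req)
        if status == 200:
            outcome["deleted"].append(uid)
        elif status == 404:
            outcome["not_found"].append(uid)     # already gone; not an error
        else:
            outcome["failed"].append((uid, status))
            if status in (401, 403):
                break                            # bad PAT or missing role: stop early
    return outcome


if __name__ == "__main__":
    import os
    import urllib.error, urllib.request

    def http_send(req):
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                return resp.status
        except urllib.error.HTTPError as e:
            return e.code

    # Constructed placeholder ids; in practice read them from a file exported
    # from a user search, never from a hand-edited projection table.
    ids = ["123456789012345678", "234567890123456789"]
    pat = os.environ.get("ZITADEL_PAT", "PAT_FROM_ENV")
    print(delete_users("https://auth.example.com", pat, ids, http_send, apply=False))
```

Run it once with `apply=False`, check the planned list, then rerun with `apply=True`; the projections catch up from the removal events, which is also why the direct DB deletion in the post had no visible effect.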

Not able to use terraform 3.3.0

Described my issue in detail here: https://github.com/zitadel/zitadel/discussions/9290#discussioncomment-13514639. Basically, even after having permissions at all levels, I am not able to create resources with Terraform (provider 2.2.0)...

Connection reset by peer

Ever since upgrading to v2.71.9 and henceforth, I am seeing many connection reset errors like the following. Is there some configuration that I can tweak to mitigate this?
get user from zitadel, error: rpc error: code = Unavailable desc = error reading from server: read tcp 10.230.54.27:55668->34.233.181.143:443: read: connection reset by peer "}
get user from zitadel, error: rpc error: code = Unavailable desc = error reading from server: read tcp 10.230.54.27:55668->34.233.181.143:443: read: connection reset by peer "}
...

When using the Zitadel API with protobuf.

export async function systemAPIToken() { const token = { audience: process.env.AUDIENCE, userID: process.env.SYSTEM_USER_ID, token: Buffer.from(process.env.SYSTEM_USER_PRIVATE_KEY, "base64").toString(...

Permanently periodically unable to update "projections.notifications" state error in zitadel logs

Zitadel Helm chart: 8.11.2, Zitadel app version: v2.67.2, self-hosted Kubernetes with PostgreSQL 15. We are getting permanent periodic errors on the notifications projection:...