Document updating process of Zitadel
Hey everyone,
I just had a chat with @Raccine for evaluating the onboarding process of Zitadel. I remembered that I could find any mention about some conventions regarding migrations and updating Zitadel.
Specifically, when upgrading from X.Y.Z to X.Y+W.Z+K, what’s the recommended approach?
...
Org Owner cannot see all users
Hello,
I have a problem since I migrate from 2.71.2 to 2.71.4 last week. My user is the IAM Owner and Org Owner of all organizations we have, and I can only see my user in the Users tab of my org, I cannot see others users. I can see them in the Authorizations tab and see users' profiles from there, I can authorize them in projects and give them a role.
Rollback to 2.71.2 doesn't change anything.
It's the same for all Org Owners and if I grant a new user Org Owner.
Is there a permission, a table/schema that changed recently ?...
"UNABLE_TO_VERIFY_LEAF_SIGNATURE" Error 403 Forbidden
Hello i added a external microsoft identity provider into my Zitadel. Now i got a problem because in my Local Test Zitadel everything works fine with the External identity but on production i get a certificate error. What could the problem be? it normally gets the token and keys but when i do the api call it failes. on my local test zitadel it works.
Best Practices for Managing Public Domains in a B2B Organization Model
Hello 👋
I'm building a B2B solution where each client gets their own organization based on their domain (e.g., client.com). The idea is to automatically create a new organization for each detected domain.
Problem:...
Zitadel TypeScript login: Issues Enabling HTTP/2 for gRPC with Zitadel in K8S (ALB Ingress)
Hi everyone,
We’re onboarding the Zitadel TypeScript project in our Kubernetes setup (
zitadel-typescript-login), but we’ve run into an issue with enabling HTTP/2 support while keeping compatibility with other services.
Our Setup...panic: runtime error: invalid memory address or nil pointer dereference
Good morning. I'm setting up zitadel on GCP, and I encounter this error regurally. Do you have any idea what might cause it?
```
panic: runtime error: invalid memory address or nil pointer dereference...
Revoking Active Sessions and Tokens
I have recently updated a user's email address and would like to revoke all active sessions and tokens associated with their account. Could you please confirm if there is an API endpoint available for this purpose using a service user token?
Looking for Help Setting Up Zitadel
Ok, finally we got a solution with hosting, backup etc. which is managable for our budget.
But now for the next steps we still need help. The goal is to have a universal login page for our NGO to authenticate users across two different services. We have a managed self-hosted Zitadel instance running and now need help with setting everything up the right way.
- Setting up and customizing the login page ...
Handling of deleted users
Hi, I have a question regarding user deletion - I can see that if you delete the user via console, you can create a new user with the exact same email, but a different user id
Documentation states, that deletion sets the user's state to deleted, and the UI has a filter for user.state=DELETED, but it does not seem to return anything, and neither does the v2/users/{:userId} handle.
So, my question is - what actually happens to the user's data (I'm also curios about it in the context of GDPR compliance)? Is there a way to access it via API?...
Access / refresh tokens
Currently im writting frontend with zitadel. And i faced with problem that i dont know how works tokens (access and refresh). I need make frontend that i login/signup and after that get tokens, write it in the cookies and use access when i gotta make a request. And use refresh when i gotta revalidate access. But i dont know how to get these pair of tokens and how it works. Could you explain me how it work plz
Fetch a List of users in a WebApp
Hello Zitadel Team! 👋
I am using a Self-Hosted instance of Zitadel and I was wondering If I could possibly fetch a list of all available users in the Organization so a possible function like: Dropdown to choose a user responsible for something or whatever.
I am trying this: ...
Refresh token working, but still getting logged out!?
I implemented refresh tokens in React with
signInSilent which works when I set the ttl on the access token to 1 minute for example. So I thought everything is great, but when I set the access token ttl to 1 hour and the refresh token ttl to 31 days I would expect the user to have to login once a month. However the next day I'm forced to login again.
I don't understand why this is happening and I'm wondering if it has something to do with Zitadel itself??...Customizing email templates
Since spam filters are rejecting the init email messages sent by zitadel (and I fear other messages too), I found that with this call https://zitadel.com/docs/apis/resources/mgmt/management-service-set-custom-init-message-text you can change the template. I would like to know if is it possible to do it from the console too? Thanks.
P.S. My question about the rejections is here: https://discordapp.com/channels/927474939156643850/1349079401719136438...
Pre-select an identity provider on login
So my use case is the following:
I have my own landing page which has a login button and redirects to Zitadel login page, what I would like to chang is to have instead the following buttons:
- Login with password
- Login with Microsoft
And each button sending a customQueryParam to Zitadel login page which is used to trigger automatically the correct auth method....
Dark/Light Mode Pre-select for Login Page
Hello, is there any way of toggling the theme of the zitadel login page without relying on the cookie thats being set?
The idea is that i have some starting page with a dark/light mode and after pressing a login button, the existing theme choice should carry over, currently it seems to rely only on the system default and i could not find a option specify it on the redirect. Thanks....
UsersService setPassword v2 version should allow setting password without verification code
Hello there!
In our implementation we have the use case to programmatically set the password of the user in Zitadel through the API because we do the verification on our side.
In the v1 API https://zitadel.com/docs/apis/resources/mgmt/management-service-set-human-password we have this option, but this endpoint is marked as deprecated suggesting to use https://zitadel.com/docs/apis/resources/user_service_v2/user-service-set-password which requires a verification code as well.
Is there a plan to adjust this v2 endpoint (or another v2 endpoint) to support force setting the password programmatically without going through the reset process?...
How to use Google as identity provider but restrict logins to my company domain
I am trying to use google as provider to acess Zitadel. I would like to auto create account but only allow emails from the Company domain.
Onboarding email marked as spam
I am using sendmetric as SMTP relay for a self hosted Zitadel 2.70.0. Sendmetric is marking Zitadel's email messages, in Spanish, as spam. Here it is the message sendmetric's support sent me:
"After looking further into our logging for messages marked as spam by the sender you referenced, it scored high from multiple engines we utilize to detect spam. As a result it was marked as spam. Please keep in mind if we mark something as spam it will also likely be rejected as spam by the recipients you are sending to. Our best advice is to modify the content of the message you are sending and run it through some content checkers that score how spammy your message might be to improve it."
Is it possible to completely customize the email template in Zitadel to avoid these problems?...