unauthorized_client NextJS Frontend and Go Backend
Hello, as the title states. I have a SaaS with a golang backend with an API application, and a nextjs frontend with a PKCE application. The frontend can authenticate users normally and get the access and ID tokens, but when the access token is sent to the backend token introspection fails with the error "unauthorized_client". The same exact setup was working one day ago, what could have ruined it? I am on zitadel cloud.
mailcow & Zitadel
Hello,
im currently adding zitadel as authentification provider for my mailcow instance.
My configuration is currently the following: http://cdn.fynncraft.de/u/597aba1b-5837-46a4-b485-03a8ec10db47.png...
Kubernetes configuration to DBaaS
Hello everyone,
I'm trying to install ZITADEL in my Kubernetes cluster and connect it to an existing DBaaS (PostgreSQL).
I'm hitting a fatal error during startup:...
SAML Authnreq signiture format support
Use-case:
I would like for Zitadel to accept signing of Authnreq requests from SP other then within x509 element, like in format:
<dsig:KeyInfo>
<dsig:KeyValue>
<dsig:RSAKeyValue>...
Zitadel action on update user
hey all, I am working with zitadel 2.71.10 (self hosted) and I wanted to see if I could sync my Zitadel instance with my database. Say I update my user's name in Zitadel I would like to push this to my database. Is there an action trigger I am overlooking or would this be a custom build?
Apple Sign-In | Redirect Fix, "Invalid web redirect url"
ZITADEL redirect url: https://{your-domain}/ui/login/login/externalidp/callback
This is the link what I should have to add to the service id's redirect links field.
But I got a problem "invalid web redirect url"
One of provider put "/form" end to the url and this is the problem....
Apple Sign-in "issuer does not match" error
Hello!
when using Apple sign-in I'm getting the following error: "issuer does not match" on the login UI
looks like Apple changed their OpenID config
...
Token Exchange - complement token with email of impersonator
Hello Zitadel crew 👋
I'm working on adding impersonation to our application leveraging Zitadel, and one thing we've been doing is complementing the access token with the user email, e.g.:
```
{...
Migrating Zitadel version stuck on step47_fill_membereship_fields
Environment: I'm self hosting Zitadel with a Postgres database.
Version: Currently running 2.66.3. Trying to update to 3.2.3.
Stack: I'm running Zitadel in a Kubernetes cluster in Azure and the Postgres database also in Azure running v15.12. Since it concerns membership fields, maybe it has something to do with the custom user roles? I'm setting the ZITADEL_INTERNALAUTHZ_ROLEPERMISSIONMAPPINGS arg to add some custom user roles on top of the existing roles.
What you expected to happen: The migration runs successfully.
What went wrong: The migration seems to get stuck on the migration step=47_fill_membership_fields. The migration has currently been running for 40 minutes, repeating the same warning message. See the attached .txt...
Actions V2 Complement Token
While reading some documentation of the new Actions V2 iam wondering, if it will be still possible to create some actions to complement a token with some custom claims without creating an external service.
Will this still be possible without an external service?
https://zitadel.com/docs/guides/integrate/actions/testing-function Test Actions Response Manipulation | ZITADEL Docs...
I try to add a member to a granted project, but I keep getting an error "PROJECT-m9gKK"
I try to add a member to a granted project, but i keep getting this error:
{"code":3,"message":"Errors.Project.Grant.Member.Invalid (PROJECT-m9gKK)","details":[{"@type":"type.googleapis.com/zitadel.v1.ErrorDetail","id":"PROJECT-m9gKK","message":"Errors.Project.Grant.Member.Invalid"}]}
The user I try to add is existing and activated. I have double checked that I use the correct Project and Grant ID; and the correct Org ID is passed as a header to the POST request. I have as well checked that I don't pass any role to the request that is not valid or not existing. Any help is more than welcome. Ref to API call details: https://zitadel.com/docs/apis/resources/mgmt/management-service-add-project-grant-member...I'm confused after signing up for a cloud account with github?
I sign up with github for a free cloud account. After questions I get 5 steps. I complete 1. Create your first Instance, 2. Sign in your first instance, then I get to 3, Create your first project, which opens in a new browser window. I go though those steps which I have to create yet another account in which I add 2FA.
BUT, now Step 3 remains with an active button "Create Your Project"
HOW do I get past this step?...
help
Hello im new to zitadel i made an account for zitadel but when i log in i veriefied everything i get an error but i made my own orginization so whats wrong ? or what am i doing wrong?
User not found after Postgres migration
Hi there, I was initially unable to migrate to Zitadel v3 due to no SSL on my database. I now tried to apply this workaround here: https://github.com/zitadel/zitadel/issues/9120#issuecomment-2888582544 – using a v3 Zitadel to migrate to Postgres. This first returned an error because some assets relation did not exist. However i remembered a --replace flag from different issues being mentioned, which mostly ran without errors (it had a problem with smtp settings and returned some weird
message \"PasswordChange.Footer\" not found in language \"en\" errors but otherwise ran through.
However now my user is not found and \dt gives no relations, but the DB is over 200M in size.
In my log i see some warnings like: level=warning msg="asset in login could not be served" .. error="download failed: ID=DATAB-pCP8P Message=Errors.Assets.Object.NotFound Parent=(sql: no rows in result set)...Roles are in an array of objects instead of an object
follwed the basic tutorial of react and i am getting roles in an array. This is breaking my code
unexpected profile
Trying for more visibility on this discussion: https://github.com/zitadel/zitadel/discussions/10038
tl;dr - I'm exploring Zitadel and the GO SDK am surprised the profile endpoint emits the Zitadel admin user by default.
Any pointers would be appreciated!...
How do I saml assert a key value pair to AWS IAM Identity Center
Hello
I am following the steps outlined here.
https://zitadel.com/docs/guides/integrate/services/aws-saml...
V2 Users API not working
Iam trying to use the V2 Users API as shown here:
https://zitadel.com/docs/apis/resources/user_service_v2/user-service-create-user
But i always get "Method not allowed"
What am i doing wrong?...
Search organizations by metadata
Hello! We're integrating Zitadel into our application and one question has risen: is it possible to store some metadata in a Zitadel organization, and then search organizations by that metadata?
Our usecase is that we already have a "companies" entity in our application, so we'd like to store
company_id as a metadata attribute in the Zitadel organization - which would allow us to find the "Zitadel organization" linked to this "company"
If that's not possible, is there a suggested workaround (that doesn't involve storing the "zitadel id" in our application's database)?...How to find which organisations use an Idp
Is there a way to see where idp are used ? If we have many organisations on an instance, it's impossible to check them 1 by 1 to know which one is using an idp slot.