ZITADEL

ZITADEL - Identity infrastructure, simplified for you.

questions-help-bugs

product-feedback-requests

Migrating from self hosted to managed

Hello hello Zitadel team, Currently, I am running a self hosted Zitadel instance and very happy with it. As my operations grow, at some point, I may want to look into buying into your managed offerings. For my curiosity and sanity, is there a path to migrate from self hosted to cloud? I read somewhere the other way is doable, but being able to move to cloud would be great! I'm assuming this would step me up to enterprise licensing directly as that supports on-prem. ...

login attempt limit

Use-case: Company needs Environment: Zitadel Cloud Version: v2 Stack: I am using the opt SMS/email feature and I would like to know if it is possible to lock the user when the verification code is entered multiple times and is incorrect What went wrong: No corresponding function found...

CORS error while sending HEAD /oauth/v2/authorize request in a Custom Login UI

Self hosted Zitadel. Following the guide from here: https://zitadel.com/docs/guides/integrate/login-ui Hello! We are implementing a custom UI and meet the CORS error when using the browser to send the request: ...

Importing the @zitadel/client into my CommonJS project doesn't work

I get the following error:
Error [ERR_REQUIRE_ESM]: require() of ES Module /Users/<me>/Developer/<project>/node_modules/@zitadel/proto/cjs/zitadel/admin_pb.js from /Users/<me>/Developer/<project>/node_modules/@zitadel/client/dist/v1.cjs not supported.
admin_pb.js is treated as an ES module file as it is a .js file whose nearest parent package.json contains "type": "module" which declares all .js files in that package scope as ES modules.
Instead either rename admin_pb.js to end in .cjs, change the requiring code to use dynamic import() which is available in all CommonJS modules, or change "type": "module" to "type": "commonjs" in /Users/<me>/Developer/<project>/node_modules/@zitadel/proto/package.json to treat all .js files as CommonJS (using .mjs for all ES modules instead).
...

Beta: Instance Service V2, Project V2, App V2, Authorization V2, Permission V2, Settings V3

When are the release dates for GA for the above features, especially instance service v2, authorization v2, permission v2. Thanks

List users with metadata

Hi, is there a way in the API V2 to list all users with their metadata? The use case is the following: I need to sync my Zitadel users periodically with an application, because I can't wait for them to login on this specific app to have an account on it. I can perfectly list all the users with the POST /users endpoint, but I need a very crucial piece of information (the room number of the user for an internet connection providing service), that is in the metadata, and those are not returned in the endpoint (we formerly used Keycloak, where the "attributes" were included in the /users endpoints). ...

How to obtain the configuration of the Secret Generator in the default setting

https://$CUSTOM-DOMAIN/admin/v1/secretgenerators/:generatorType How to call this interface in the zitadel typescript project? I can't find the corresponding interface information...

Turning from Login v2 back to v1 by modifying the tables?

Any chance we can change from v2 to v1 login in Zitadel through the tables someway? We are running on 3.2.1. What happened is that I turned on "Login v2" in the Features tab, with a base URI of "http://" and then the instance froze automatically and I cannot recover it. Just accessing the instance gives me this error
404 page not found...

Can't use pkg/grpc/user/v2 from Response manipulation example

Hi, I'm following your response manipulation example for Golang here: https://zitadel.com/docs/guides/integrate/actions/testing-response-manipulation In the top of the file there's an import for "github.com/zitadel/zitadel/pkg/grpc/user/v2" but when I run go get github.com/zitadel/zitadel/pkg/grpc/user/v2 I get this back: ```...

Login Redirecting Twice to Application After Successful Authentication

We are using ZITADEL as the OIDC provider. The flow is standard Authorization Code Flow. After login, the user is redirected to our redirect_uri as expected. However, immediately after the initial redirect, the user is redirected again to the same URI. This causes a second page load or duplicate processing on our end. Because of this, we are getting an error when requesting the token, since the token is requested twice. Questions: 1. Is this double redirect behavior expected under any circumstances? 2. Could there be a misconfiguration in our OIDC client or project settings in ZITADEL?...

Does the URL for UI need to be localhost?

I have spent 3 days with no progress - I want just a normal admin user, I cannot. Does it specify how the human admin user format, it does not. Docker compose example tweaking to my setup has become a nightmare with 4.0.1

admin.pat is not getting created

ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_USERNAME: admin ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_NAME: "Automatically Initialized IAM_OWNER" ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINEKEY_TYPE: 1 ZITADEL_FIRSTINSTANCE_PATPATH: /etc/zitadel/admin.pat ...

Hi everyone,

I’m trying to set up ZITADEL on a local home server using the latest Docker images. I followed the official documentation and tried the absolute standard configuration. Here’s what I tried and the problems I ran into: Default Admin Login: I used the default login and password from the docs Password1!. The login fails, and the error was: session can be created....

Login V2 in a multi instance environment with Helm

I'm trying to test Login V2 with 4.0.1 on a Helm/Kubernetes environment but I wonder how it is supposed to work. It seems the zitadel-login image needs a PAT of an explicit instance and an appropriate Host overwrite to start. If you only need a single tenant, this happens automatically (FirstInstance configuration) but otherwise you need to do it manually. It doesn't seem feasible to start a container per Zitadel Instance, but I couldn't find a way to start Login V2 tenant independent with a system key. In addition (but this could be due to misconfiguration?) it doesn't seem to use any existing setting in the instance. I have no external login enabled and disabled every language except English and German but it shows many more and crashes when choosing one of the disabled. Additionally the sentence "or sign in with" is shown, without anything to choose from. Last but not least it ignores any existing translation, so this alone would force us to customize it for every instance just for a few words. Am I missing something or do I just need to wait a little more until it stabilizes?...

Slow migration from v2.66.18 to v3.3.5 (1.5M users)

Hi! We are using Zitadel in production on Kubernetes, installed via Helm Chart. We are currently on version v2.66.18 but are planning to upgrade to v3.3.5 because we are experiencing database performance issues (slow response on projection.users13 queries) that are currently "solved" with a large AWS RDS Postgres database (db.m6g.8xlarge). We also have our custom frontend for login. We have an organization with 1.5M users (and growing). Yes, it's really big. One of the problems we faced with the upgrade is the slow migration time (approximately 24 hours), and we realized that it's caused by a slow query (~12s). Every 12 seconds, the migration adds only a few users to projections.users14. We are conducting pre-migration tests with a dump of the production database in another environment, and the RDS instance type we are using there is db.m6g.4xlarge. We don't see high CPU or IO usage in the database during the migration (nor in the Setup Job Pod). CPU usage is less than 10% and IOPS are quiet, but in AWS Performance Insights we see this slow query:...

Events webhook in documentation uses a not found package to check signature

Listening to the events webhook to save them to a database as a log, I followed the documentation https://zitadel.com/docs/guides/integrate/actions/testing-request-signature but when I want to verify the signature, the events package is not found and I can't import it. Error: github.com/zitadel/zitadel/pkg/actions: module github.com/zitadel/zitadel@latest found (v1.87.5), but does not contain package github.com/zitadel/zitadel/pkg/actions...

Problem using AuthorizationService API - {"code":5,"message":"Not Found"}

I am trying to use the Authorization Service API but can't get it to work. For Authorization I am using a service User PAT. The service user has "Org User Manager" and many more memberships. Endpoints like zitadel.cloud/v2/users/ work and return the expected data. For /zitadel.authorization.v2beta.AuthorizationService/CreateAuthorization I only ever get '{"code":5,"message":"Not Found"}'....

Understanding eventstore.unique_constraints (V3-DKcYh)

Hello, In a self-hosted setup with a single Instance (v3.3.0) where we manage 1 organization with ~39k users, we’ve noticed leftover records in the eventstore.unique_constraints table that don’t correspond to any existing user in the instance. Examples:...

fresh self-hosted installation - registration doesn't work?

Hi! I'm currently evaluating Zitadel, and I can't get user self-registration working, so this must be a bug? I'm using latest docker-compose config as described here, https://zitadel.com/docs/self-hosting/deploy/compose/...

Is ZITADEL suitable for a white-label B2B2B SaaS architecture?

I’m exploring whether ZITADEL is a good fit for a SaaS with a B2B2B architecture structured like this: Organization A – Subaccount 1 – Subaccount 2...