ZITADEL

ZITADEL - Identity infrastructure, simplified for you.

questions-help-bugs

product-feedback-requests

Recommended API for adding/searching organization domains on v3

Hello Zitadel crew 👋 It looks like the endpoints for adding and searching domains were deprecated on v3. What endpoint should I be using instead (on v3)? Related endpoints: - https://zitadel.com/docs/apis/resources/mgmt/management-service-add-org-domain...

Whitelabelling: Default redirect URI not working for Organization?

Hello, we have a situation where we have app.oursite.com -> Our app login.app.oursite.com -> Our default login ...

limit self registration to org email?

Is it possible to make it so that only people with a @mysuperdomain.tld email can register in the organization mysuperdomain.tld?

Setting up Project and App from zero using Terraform Provider (Docker Compose)

I'm using the ZITADEL Docker Compose setup to develop locally, which I have set up roughly as documented at https://zitadel.com/docs/self-hosting/deploy/compose. Instead of having to log in to the user interface, change the admin password, and create a project and apps, I want to configure the ZITADEL service in an automated fashion, e.g. using the Terraform Provider. https://zitadel.com/docs/guides/manage/terraform-provider The documentation says I need a "service user with enough authorization" to get started. IIUC, this means that I have to log in first and create such a service account using the human admin user (which is clearly what I want to avoid)....

Create Action Target/Execution via Terraform Provider

I would like to create an Action Target and an Action Execution with Terraform when provisioning a Zitadel instance. I saw that this is possible via the v2beta API, but the Terraform provider seems to be missing it. Are there plans with the release of v4 to include this in Terraform?...

Does destroying the session also make all refresh tokens invalid?

I am trying to check if destroying the session for a logged-in user will also invalidate all refresh tokens that the user has. I found some Zitadel blog article that says that this doesn't happen, but from what I experienced, I think it's the opposite.

Missing information in event on zitadel

Use-case: I'm trying to manage an application that doesn't have OIDC and SAML on the free version. Environment: Zitadel self-hosting. Version: 3.3.0. Stack: It's a feature request to add the user id on delete and deactivate events with Action V2. Context: I'm trying to manage the users of an application that doesn't support OIDC and SAML on the free version but has a management API. I've set up an endpoint that can handle an event on a user (created, updated...) and make the right API call on the application....

Set Login Font and Icon Through API

Hi! I was wondering if it's possible to set an organization's login font and icon through the API. Either by providing a link to the resource or something similar. I did find ways to set the fontColor, etc. through the v1 API and retrieve the branding settings through the v2 API, but not how to set the font or icon. Since we create organizations on the fly through the API this would be super useful for us. I saw that it's somewhat possible through the terraform provider by providing a font- and iconPath, but that's far from ideal for our use case....

What is meant by 'pre-authentication' action?

Hello, I was reading the migration documentation (https://zitadel.com/docs/guides/migrate/introduction) and stumbled upon the following: "Create a pre-authentication Action to request user data from the legacy system and create a new user in ZITADEL.". However, there is no pre-authentication action, only pre-creation. Is there a way to achieve a "pre-authentication" action behaviour? Thank you!...

Can't query ListOrganizations with an empty request body (v4-rc.2)

Is this expected? Searching organizations with an empty request body worked fine on previous versions. Reproducing: ```bash curl -s -H "Authorization: Bearer $token" ...

Add userid for deactivate and delete user event

Hello Zitadel staff, I'm testing your new actions v2 by receiving all events from Zitadel. My target has the task to manage user lifecycle. So, for this, I need to get creation, update and deletion of users. These events allow me to propagate these actions to users from others applications....

Is there something like role inheritance or role composition?

Hello, I'm a beginner, and I'm very interested in this system. Could you tell me more about it? Is there something like role inheritance or role composition? I don't really want to assign each role to a user, is there a way to combine roles?

v2 login not found on fresh install (v4-rc.2)

On a fresh install of v4-rc.2 (using Docker) running on my local machine for testing, I always get the error {"code":5,"message":"Not Found"}, I presume this is the new v2 UI. Is one of my options misconfigured? I initially started testing the latest stable release, but wanted to check out the new login form and to be able to build my own in the future. Do I need to run a reverse proxy for /ui/v2/login running with the zitadel/typescript repo? Here is my docker compose file, based on the original provided docker compose mentioned in the docs....

Can't set user grants from info in user metadata set from external auth provider via Actions

Hey all. I might be missing something obvious here, but hope someone can point me in the right direction. I'm self-hosting on v3.3.0 and trying to set up a user access flow using ActionsV1 and GitHub as the identity provider (via Dex) and seem to have hit a wall due to the availability of certain methods in Actions and their execution flow. This is a flow I had set up in Keycloak which, whilst pretty clunky, was working as expected. I'm running Zitadel as an internal service to development teams. The flow I'm trying to set up is the following:...

Migrate legacy user after failed login?

Hello, in our software we're currently using two different versions with two different user DBs. We're using the newer one as the "source of truth", but it can happen that the password is outdated. My question now is whether it's possible to add a new post-authentication action, migrate the user if the credentials do not align, and then retry the authentication process with the updated credentials (I don't think this is currently possible). This is something that falls more under a "Pre-Authentication" action, but this unfortunately doesn't exist. What's a good approach to solve this? Open to suggestions 🙂 Thanks a lot!...

api.v1.user.appendMetadata is adding "" to uuid

Hello, The following code in an action api.v1.user.appendMetadata('user_id', uuid.v4());...

How to use reserved scope urn:zitadel:iam:org:roles:id:{orgID}

Hello, I'm having trouble in my token introspection. I'm trying to get a role to be returned in the response from a project in an org that a user is not part of, but has been granted auth for. Using the scope urn:zitadel:iam:org:roles:id:{orgID} , as shown in the docs here, only returns roles in the user's primary org. In fact, using only this scope of the other organization returns an error....

Handling User Data After Deletion

Hello team, I’m acting as an admin and I would like to delete a user. After calling the API https://zitadel.com/docs/apis/resources/user_service_v2/user-service-delete-user to delete the user, how should I handle the data related to that user? Could you please help me resolve this issue?...

Can Set Arbitrary CORS Headers Using ORIGIN Header

It seems that setting an Origin header to an arbitrary value (e.g. https://www.example.com) results in an Access-Control-Allow-Origin: https://www.example.com header being set in the response. And it seems that there is no validation (e.g. using some kind of allow-list) of these headers. Is that intentional?...