ZITADEL

ZITADEL - Identity infrastructure, simplified for you.

questions-help-bugs

product-feedback-requests

Protocol error: missing status

Hi, I followed the documentation, but I'm encountering an error when accessing the app. API URL: https://auth.heykernel.com...

Zitadel hanging due to freshrss config

I'm using zitadel to secure almost all my self-hosted applications. Everything is hosted in docker containers, zitadel included. I'm encountering a problem with FreshRSS, a feed aggregator app allowing OIDC (https://freshrss.github.io/FreshRSS/en/admins/16_OpenID-Connect.html): After a while, and I don't have any logs for now, Zitadel hangs then fails with a gateway timeout error. I need to restart the freshrss app so Zitadel can work again. App in zitadel is configured in POST mode with refresh token enabled. The same setup works with other apps....

Ask the user to re-accept the privacy policy when it changes

Hi everyone. I have set up a privacy policy using external links and everything works fine, the user is asked for consent when logging in. But if the privacy policy changes, I will have to ask the user to accept it again. Is it possible to achieve this using only Zitadel or do I need to change the logic of the application?

Forced MFA but root user doesn't have it

I enabled MFA forcing for local users but my sole local admin user, zitadel-admin@zitadel.zitadel.<mydomain>, doesn't have it so when I try to login I get Errors.Login.LoginPolicy.MFA.ForceAndNotConfigured and am now locked out.

custom login html or background

Can I change the HTML of the login page or set a picture as the background? My instance has no passwords (except for the root account) and has no MFA (all users are federated). I want to change the login page to use USWDS or at least change the background picture

How to create basic auth needed for /oauth/v2/token API

I am trying to figure out how to use the token exchange endpoint documented on https://zitadel.com/docs/guides/integrate/token-exchange#impersonation-by-user-id-example The examples use curl with the -u parameter for basic auth. But I cannot find anywhere how to generate this basic auth user:password pair. The Zitadel project in the admin UI has an Auth API Application app, but it only supports generating a private key JSON, and I can only find docs on how to generate a JWT from this, not a user:password for basic auth....

Pangolin Identity Provider config

I am trying to add zitadel as IdP in Pangolin. I can get it to work without having any organization policy assigned but when the user logs in, there is no org assigned in pangolin. However, when I try to request roles in the openid scopes and then write a JMESPath as below for org policy: contains(urn:zitadel:iam:org:projects:roles, 'Admin') && 'Admin' contains(urn:zitadel:iam:org:projects:roles, 'Family') && 'Family' 'Member' The login method does not work. I have created Family and Admin Roles in zitadel and assigned them to the only user currently on zitadel. But still roles don't show up in the openid scope. How do I manage to set it?...

Globally disable email auth

Hey team I have all of my users logging in through sso - they each have their own because they have their own idps - how can I disable email verification? see below for an explanation of my use case: Federation Broker is a technology that enables users to access resources using credentials at their own identity provider. Furthermore, it enables users to provide access to other users without creating individual federation connections to each and every user. Here’s the typical setup. Users make or verify the setup of their own identity provider - it can be Okta, Microsoft Entra/Azure AD, Authentik, or anything else. They then connect their own IdP to their personal Cloudflare Zero Trust account. Next, a SaaS application is added to their Cloudflare Zero Trust application which is added as an IdP source within the Federation Broker Cloudflare Zero Trust account. Finally, the Federation Broker Cloudflare Zero Trust account is set as an IdP for resources and other destinations....

The requested redirect_uri is missing in the client

{"error":"invalid_request","error_description":"The requested redirect_uri is missing in the client configuration. If you have any questions, you may contact the administrator of the application."} Where is the problem?...

Question about validating a user's roles within an organization

Hey everyone, apologies if there is already a similar thread about this. I looked quite hard but I wasn't able to find anything. My company is currently investigating Zitadel as a potential shared solution for product auth. From our perspective, it has a lot of clear benefits over the usual suspects like Keycloak. One thing that's got me a bit concerned is how our product teams will be able to validate the roles assigned to a user by a specific organization. As per the docs, with the urn:zitadel:iam:org:project:id:zitadel:aud scope, the userinfo endpoint will return roles in a structure like:...

When setting up Zitadel, why is the default adminuser called `zitadel-admin@zitadel.localhost`?

When setting up Zitadel, why is the default adminuser called zitadel-admin@zitadel.localhost instead of zitadel-admin@localhost? I'm setting it up in my Kubernetes cluster, running Zitadel on domain zitadel.local.k8s and then the username becomes zitadel-admin@zitadel.zitadel.local.k8s. How to get it to simply be: zitadel-admin@zitadel.local.k8s?...

EmailTemplate - Default Only or direct DB available?

In the source code you provide the raw HTML file that is used for email generation when the SMTP email is sent: zitadel/internal/notification/static/templates/template.html From my reading of the documentation, in defaults.yml you provide EmailTemplate: which is a subsection of DefaultInstance:. Based on my investigation this is actually a base64 conversion of the html file above. -- As my instance is already set up and using EmailTemplate won't work for us, I have found that this file exists in hex format over in zitadel.projections.mail_templates2. There is only one instance with a hex entry in template(bytea)....

Translator error while on 2fa screen, now my admin user is stuck in 2fa step

I've been using this regularly for months, we have it in a staging environment running with no problems, now in a production environment for a couple of weeks starting tests to move real production apps on it, but today I suddenly went to log in to it and got this error.
time="2025-07-09T10:40:22Z" level=warning msg="missing translation" args="map[]" caller="/home/runner/work/zitadel/zitadel/internal/i18n/translator.go:173" error="message "non-UTF-8 in decrypted string" not found in language "en"" id="non-UTF-8 in decrypted string"
time="2025-07-09T10:40:37Z" level=warning msg="missing translation" args="map[]" caller="/home/runner/work/zitadel/zitadel/internal/i18n/translator.go:173" error="message "non-UTF-8 in decrypted string" not found in language "en"" id="non-UTF-8 in decrypted string"
I couldn't find anything related to it on the docs or on github issues. Now my admin user is stuck in the 2fa screen and I cannot go back....

Instance deletion deletes both with same name!?!? Help!

Hello, I am setting up a my-production instance, I initially created one but then deleted it as I screwed something up. I recreated another one with the same name and it now shows two in the dashboard, one with a URL assigned my-production.zitadel etc and one without. I deleted the one without and now both are gone?

Docker instance failing installation at database access

I am trying to install zitadel to replace authentik on my Ugreen NAS. Somehow it always fails at the database access step. I have set up a .env file with all the variables, however something seems to be wrong. zitadel-db container boots up and is healthy. zitadel container fails trying to access the database and does not find the user / incorrect password. Any help is much appreciated!

Test drive v4.0.0-rc1

I am trying to run version 4.0.0-rc1 on a server in my home network. I am using a local domain, and the port is 8080. On this release, the (embedded) console is not displaying at all. I had no error messages in the console during the startup phase. http://localdomain.com:8080/ui/console -> redirects to http://localdomain.com:8080/ui/v2/login/login?authRequest=V2_328122283870650372 this URL returns this JSON ...

Email Branding - Bug

Is there a way to get system emails to follow the login branding? Maybe even include our logo as part of the email header? I know with "Message Texts" you can change text within the emails, but they come with white backgrounds and the buttons are default purple. Are these updated for whatever "Light Theme" is set for? I set our system for Dark Mode Only and the emails still use the light default theme....

Message Texts - Default Language Incorrect

Self-Hosted - v3.3.0 I think I found a bug? When I'm in the "Message Texts" section the page loads the first available Language from "Languages" despite English being set as the default. ...

How can I get the user last login date from id?

I have added service user as ORG USER MANAGER in the organization and now I have assignment to list all the users and their date of last login. How can I do this? /users/me won't work here....

Default Role Not Assigned When Creating User from Console (PostCreation Trigger in Internal Auth )

Use-case: I’m working on setting up automated role assignment for users in my application using ZITADEL. I'm using both Zoho OIDC for external login and direct user creation via the ZITADEL console (invite flow). My goal is to assign the default 'user' role automatically right after a user is created—regardless of the method. Environment: ZITADEL Self Hosted...