ĐARK々MÁTTER, 9mo ago

How can I create the human users programmatically using APIs?

I have 2 organizations and I want to create users in them programmatically based on the condition in the CSV file (I don't want to use the import feature because the CSV requires some transformation). I have tried converting the JSON file to a JWT for the management, auth and admin users and it didn't work.
go install github.com/zitadel/zitadel-tools@latest

zitadel-tools key2jwt --audience https://auth.example.com --key admin-api.json
zitadel-tools key2jwt --audience https://auth.example.com --key management-api.json
zitadel-tools key2jwt --audience https://auth.example.com --key auth-api.json
And I used the key in the curl, just as a matter of testing whether the authentication key works or not:
curl -L 'https://auth.example.com/v2/users' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer JWT_KEY' \
--data-raw '{
"query": {
"offset": "0",
"limit": 3,
"asc": true
}
}'
Error I am getting
{"code":16,"message":"Errors.Token.Invalid (AUTH-7fs1e)","details":[{"@type":"type.googleapis.com/zitadel.v1.ErrorDetail","id":"AUTH-7fs1e","message":"Errors.Token.Invalid"}]}
18 Replies
Unknown User, 9mo ago
Message Not Public
ĐARK々MÁTTER (OP), 9mo ago
How can I set in the zitadel tools?
Unknown User, 9mo ago
Message Not Public
ĐARK々MÁTTER (OP), 9mo ago
I am using it in php
Unknown User, 9mo ago
Message Not Public
ĐARK々MÁTTER (OP), 9mo ago
Nope, it's not working for me adding scopes in the JWT claim.
Yes, I know, I tried in jwt.io
Unknown User, 9mo ago
Message Not Public
ĐARK々MÁTTER (OP), 9mo ago
The scope is required in the token endpoint. Thanks for the nudge, but I am still getting an error
curl --request POST \
--url https://auth.example.com/oauth/v2/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer \
--data assertion=<JWT copied from zitadel-tools output>
The error I am getting in the docker console
time=2024-12-17T06:19:54.362Z level=ERROR msg="request error" oidc_error.parent="ID=OIDC-AhX2u Message=Errors.Internal Parent=(invalid signature (error fetching keys: ID=QUERY-Tha6f Message=Errors.AuthNKey.NotFound Parent=(sql: no rows in result set)))" oidc_error.description=Errors.Internal oidc_error.type=server_error status_code=500
Error message in the curl response
{"error":"server_error","error_description":"Errors.Internal"}
Unknown User, 9mo ago
Message Not Public
ĐARK々MÁTTER (OP), 9mo ago
Tried, no luck
Raccine, 9mo ago
Hey @ĐARK々MÁTTER! I think the following documentation would help you structure the flow you're trying to build - Please let me know if you have any other questions: https://zitadel.com/docs/guides/integrate/login/oidc/login-users#create-application
ĐARK々MÁTTER (OP), 9mo ago
It is an OAuth kind of flow. I want to create a user on zitadel from a curl request
ĐARK々MÁTTER (OP), 9mo ago
https://zitadel.com/docs/apis/resources/user_service_v2/user-service-add-human-user
How can I get Bearer Token here to create human user in any organization I want to?
ZITADEL Docs
Create/import a new user with the type human. The newly created user will get a verification email if either the email address is not marked as verified and you did not request the verification to be returned.
ĐARK々MÁTTER (OP), 9mo ago
I am using it as shown above, am I doing something wrong? @FFO you can help me now 😅
Raccine, 9mo ago
Hey @ĐARK々MÁTTER! Based on what you're asking, this would be the right doc to look at: https://zitadel.com/docs/guides/integrate/service-users/authenticate-service-users
ZITADEL Docs
This guide explains ZITADEL service users and their role in facilitating secure machine-to-machine communication within your applications.
ĐARK々MÁTTER (OP), 9mo ago
Thanks @Raccine is it possible to have a service account that is admin of all the organizations? How can I authenticate the management service user from the zitadel organization?
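
The server log earlier in the thread reports that no key was found for the assertion (Errors.AuthNKey.NotFound). As an added example, not part of the thread and not ZITADEL's own code, this Python check decodes a key2jwt-style assertion without verifying its signature and compares kid, iss, sub, aud and exp with the values expected for the service user. It assumes the claim layout from the service-user guide linked above (kid is the key id, iss and sub are the user id, aud is the instance URL); all ids are constructed placeholders.

```python
import base64
import json
import time


def _decode_segment(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def _encode_segment(obj):
    """Encode a dict as an unpadded base64url JWT segment (sample data only)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def check_assertion(assertion, user_id, key_id, issuer_url, now=None):
    """List mismatches between an assertion and the service user it should name.

    user_id and key_id are the values the operator expects for the service user
    and its key. The signature is not verified; only header and claims are read.
    """
    now = time.time() if now is None else now
    parts = assertion.split(".")
    if len(parts) != 3:
        return ["not a three-part JWT"]
    header, claims = _decode_segment(parts[0]), _decode_segment(parts[1])
    findings = []
    if header.get("kid") != key_id:
        findings.append("kid %r is not the expected key id" % header.get("kid"))
    if claims.get("iss") != user_id or claims.get("sub") != user_id:
        findings.append("iss/sub are not both the expected user id")
    aud = claims.get("aud")
    if issuer_url not in (aud if isinstance(aud, list) else [aud]):
        findings.append("aud does not contain %s" % issuer_url)
    if claims.get("exp", 0) <= now:
        findings.append("assertion expired")
    return findings


# Constructed sample data: placeholder ids and a dummy signature, not from the thread.
ISSUER = "https://auth.example.com"
CLAIMS = {"iss": "USER-ID", "sub": "USER-ID", "aud": [ISSUER], "iat": 1000, "exp": 4600}
GOOD = ".".join([_encode_segment({"alg": "RS256", "kid": "KEY-ID"}), _encode_segment(CLAIMS), "c2ln"])
STALE = ".".join([_encode_segment({"alg": "RS256", "kid": "OLD-KEY-ID"}), _encode_segment(CLAIMS), "c2ln"])

if __name__ == "__main__":
    print(check_assertion(GOOD, "USER-ID", "KEY-ID", ISSUER, now=2000))
    print(check_assertion(STALE, "USER-ID", "KEY-ID", ISSUER, now=9000))
```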