AIf I'm not wrong your use cases maybe matches triggering a Zitadel Action that performs the request against your service to obtain the group-id claims, that would be done on Flow Type "Complement Token" and "Pre access token creation" trigger. The action code would use
https://zitadel.com/docs/apis/actions/code-examples#set-hardcoded-claim
zitadel/http module to perform the request and api.v1.claims.setClaim(key, value) to set the claim.https://zitadel.com/docs/apis/actions/code-examples#set-hardcoded-claim
Actions are a powerful tool to extend ZITADEL and you might wonder what use cases actions can be used for.
AHere are the docs and an example from the actions repo:
https://zitadel.com/docs/apis/actions/modules
https://github.com/zitadel/actions/blob/main/examples/make_api_call.js (you'd name your script same as the function, "make_api_call").
Regarding the secrets I'm also concerned about it, I didn't find a way to dynamically resolve any kind of env variables from actions code, unless fetching them from another HTTP server or implementing some kind of "internal API server" (not exposed to public traffic) that is able to resolve secrets as needed and perform the request to other protected endpoint (ie: zitadel action -> internal API -> protected API).
https://zitadel.com/docs/apis/actions/modules
https://github.com/zitadel/actions/blob/main/examples/make_api_call.js (you'd name your script same as the function, "make_api_call").
Regarding the secrets I'm also concerned about it, I didn't find a way to dynamically resolve any kind of env variables from actions code, unless fetching them from another HTTP server or implementing some kind of "internal API server" (not exposed to public traffic) that is able to resolve secrets as needed and perform the request to other protected endpoint (ie: zitadel action -> internal API -> protected API).
GitHub
ZITADEL Actions - Easy extensibility with custom code. Think GitHub Actions in an Identity System. - zitadel/actions
MHi thanks for the discussion and the inputs. I've openend an improvement idea for Action Secrets: https://github.com/zitadel/zitadel/issues/9985
Feel free to upvote and also comment with your input, suggestions, or even just to let us know that this is something we should have a look at.
Feel free to upvote and also comment with your input, suggestions, or even just to let us know that this is something we should have a look at.
GitHub
Preflight Checklist I could not find a solution in the existing issues, docs, nor discussions I have joined the ZITADEL chat Describe your problem Currently users can't pull secret values into ...