unable to use management of user

R

Rajat Singh•3/21/25, 9:27 AM

hi @unique. thanks for your question. May I know what you already tried for both rest/grpc?
what errors you got and what docs did you followed(if any)

__unique._@Rajat this one is for rest

R

Rajat Singh•3/21/25, 11:38 AM

hi @unique. let me check and will get back to you

__unique._@Rajat this one is for rest

R

Rajat Singh•3/21/25, 11:46 AM

your code looks fine. few more questions are you

creating a service user?.
Grant Manager permissions to the service user.
Create a key pair for the service user who wants to access the Zitadel API?.

R

Rajat Singh•3/21/25, 11:47 AM

go run main.go --domain <your zitadel instance domain> --key ./key.json

go run main.go --domain <your zitadel instance domain> --key ./key.json

go run main.go --domain <your zitadel instance domain> --key ./key.json

go run main.go --domain <your zitadel instance domain> --key ./key.json

this is how you should be running your code,

key.json

key.json

key.json

key.json is the key pair you create for that service user.

__unique._1. yes for my backend i need to manage user i.e create, update, grant role, acti...

R

Rajat Singh•3/21/25, 11:55 AM

you can use this API
https://zitadel.com/docs/apis/resources/mgmt/user-grants
to perform user grants

wdym by "there is no flag to parse this, then how would i handle that"

__unique._in the first set code block i followed the same documentation, still i can't abl...

R

Rajat Singh•3/21/25, 12:04 PM

what was the error you are getting when you run the program?
I copied the rest code, I will try to run it with my keys but asking you just incase as the code seems okay to me

__unique._i cannot able to get the access token in that, even though the key file is not e...

R

Rajat Singh•3/24/25, 5:52 AM

hi @unique. I will check it

__unique._1. yes for my backend i need to manage user i.e create, update, grant role, acti...

R

Rajat Singh•3/24/25, 1:10 PM

Hi @unique. I guess similar problem here too I guess, you need to grant manager role to your user
https://zitadel.com/docs/guides/integrate/zitadel-apis/access-zitadel-apis#2-grant-a-manager-role-to-the-service-user

ZITADEL Docs

This guide explains what ZITADEL APIs are and how to access ZITADEL APIs using a service user to manage all types of resources and settings.

__unique._✅ Client ID: 311685902382494534 ✅ client secret: -----BEGIN RSA PRIVATE KEY-----...

R

Rajat Singh•3/25/25, 5:49 AM

hi and goodmorning

if you see the error, it says ""invalid_client" "client not found"", it could be a client mismatch that is happening.
Did you tried generating another key pair after assigning the manager role?
I will try your setup against my service user anyways, but this could be the issue.
Let me check

R

Rajat Singh•3/25/25, 5:58 AM

thanks for conforming, give me some time and I will get back to you

__unique._✅ Client ID: 311685902382494534 ✅ client secret: -----BEGIN RSA PRIVATE KEY-----...

R

Rajat Singh•3/25/25, 9:55 AM

hey @unique. I am discussing this internally, will get back to you soon

R

Rajat Singh•3/25/25, 12:10 PM

hi @unique. similarly here, can you pls point the file name which you tried running?.

__unique._hi Good morning, it's not the file from the example, i worte this code using the...

R

Rajat Singh•3/28/25, 7:39 AM

Hi @unique. I was able to make auth token work
itadel-go will create the authentication for your client
but it’s essentially based on the oidc library
this is the part in zitadel-go: https://github.com/zitadel/zitadel-go/blob/main/pkg/client/middleware/auth.go#L28-L57
used for example in the mgmt client example: https://github.com/zitadel/zitadel-go/blob/main/example/mgmt/mgmt.go#L39

I modiefied your accessToken code a bit to make it work, based on what I said above

func getAccessToken() string {
    issuer := zitadelDomain
    jsonFilePath := "api.json"                                                         // Ensure this constant/variable is defined
    scopes := []string{oidc.ScopeOpenID, "urn:zitadel:iam:org:project🆔zitadel:aud"} // Adjust scopes as needed, but you need it to access zitadel APIs

    tokenSource, err := profile.NewJWTProfileTokenSourceFromKeyFile(issuer, jsonFilePath, scopes)
    if err != nil {
        // Log the values being used
        log.Printf("❌ Failed to create JWT profile token source. Issuer: '%s', Keyfile: '%s'. Error: %v", issuer, jsonFilePath, err)
        log.Fatalf("Exiting.") // Use Fatalf to print and exit
    }

    // Retrieve the token using the token source
    token, err := tokenSource.Token()
    if err != nil {
        log.Fatalf("❌ Failed to get access token using JWT profile: %v", err)
    }

    fmt.Println("✅ Access Token Obtained via JWT Profile Grant")
    return token.AccessToken
}

func getAccessToken() string {
    issuer := zitadelDomain
    jsonFilePath := "api.json"                                                         // Ensure this constant/variable is defined
    scopes := []string{oidc.ScopeOpenID, "urn:zitadel:iam:org:project🆔zitadel:aud"} // Adjust scopes as needed, but you need it to access zitadel APIs

    tokenSource, err := profile.NewJWTProfileTokenSourceFromKeyFile(issuer, jsonFilePath, scopes)
    if err != nil {
        // Log the values being used
        log.Printf("❌ Failed to create JWT profile token source. Issuer: '%s', Keyfile: '%s'. Error: %v", issuer, jsonFilePath, err)
        log.Fatalf("Exiting.") // Use Fatalf to print and exit
    }

    // Retrieve the token using the token source
    token, err := tokenSource.Token()
    if err != nil {
        log.Fatalf("❌ Failed to get access token using JWT profile: %v", err)
    }

    fmt.Println("✅ Access Token Obtained via JWT Profile Grant")
    return token.AccessToken
}

func getAccessToken() string {
    issuer := zitadelDomain
    jsonFilePath := "api.json"                                                         // Ensure this constant/variable is defined
    scopes := []string{oidc.ScopeOpenID, "urn:zitadel:iam:org:project🆔zitadel:aud"} // Adjust scopes as needed, but you need it to access zitadel APIs

    tokenSource, err := profile.NewJWTProfileTokenSourceFromKeyFile(issuer, jsonFilePath, scopes)
    if err != nil {
        // Log the values being used
        log.Printf("❌ Failed to create JWT profile token source. Issuer: '%s', Keyfile: '%s'. Error: %v", issuer, jsonFilePath, err)
        log.Fatalf("Exiting.") // Use Fatalf to print and exit
    }

    // Retrieve the token using the token source
    token, err := tokenSource.Token()
    if err != nil {
        log.Fatalf("❌ Failed to get access token using JWT profile: %v", err)
    }

    fmt.Println("✅ Access Token Obtained via JWT Profile Grant")
    return token.AccessToken
}

func getAccessToken() string {
    issuer := zitadelDomain
    jsonFilePath := "api.json"                                                         // Ensure this constant/variable is defined
    scopes := []string{oidc.ScopeOpenID, "urn:zitadel:iam:org:project🆔zitadel:aud"} // Adjust scopes as needed, but you need it to access zitadel APIs

    tokenSource, err := profile.NewJWTProfileTokenSourceFromKeyFile(issuer, jsonFilePath, scopes)
    if err != nil {
        // Log the values being used
        log.Printf("❌ Failed to create JWT profile token source. Issuer: '%s', Keyfile: '%s'. Error: %v", issuer, jsonFilePath, err)
        log.Fatalf("Exiting.") // Use Fatalf to print and exit
    }

    // Retrieve the token using the token source
    token, err := tokenSource.Token()
    if err != nil {
        log.Fatalf("❌ Failed to get access token using JWT profile: %v", err)
    }

    fmt.Println("✅ Access Token Obtained via JWT Profile Grant")
    return token.AccessToken
}

R

Rajat Singh•3/28/25, 7:40 AM

R

Rajat Singh•3/28/25, 7:41 AM

and as a word of suggestion, please do not copy paste the entire code

it makes debugging time harder, please post the super minimal code/snippet for the next time

__unique._❌ Failed to get access token using JWT profile: http status not ok: 500 Internal...

R

Rajat Singh•3/29/25, 10:29 AM

Hey @unique.
Write me a small code snippet with minimal reproduce that I can try and I'll check it on Monday

R

Rajat Singh•3/29/25, 10:31 AM

And also the service user that you have created
Please mention the doc that you followed, I'm on phone but this if you're doing everything Correct, that means something's wrong that I'm not able to understand, so I need more evidence and fix it

__unique._hi Good morning, it's not the file from the example, i worte this code using the...

R

Rajat Singh•3/29/25, 11:00 AM

which documentation did you followed?