Service User - Oauth token fetch Fails with 500 Internal Error

Use-case: A multitenant SaaS solution where a tenant superuser can manage users from their own application through the SaaS platform. The Admin API will be handled via my Service account and it will manage the users on the super user's request
Environment: Zitadel Cloud
Version: V2 (for the Admin API requests)
Stack: Python + React

I want to test my service account for which I granted all rights at the instance level. See screenshot. I'm following the guide described in https://zitadel.com/docs/guides/integrate/service-users/private-key-jwt

I succeed in creating the JWT but as soon as I request the Oauth token, I get a 500. If my credentials were wrong, I would expect a 4XX.

Response status: 500
Response headers: {'cache-control': 'no-store', 'content-type': 'application/json', 'expires': 'Wed, 16 Jul 2025 07:36:49 GMT', 'pragma': 'no-cache', 'set-cookie': '__Host-zitadel.useragent=MTc1MjY1NTAwOXx4eVNOYTJLMm5CeUZTRndJc3NLS1FyNHdpQzc3eFlwVVk4SHdFNmRFRWkxVEhGNjdqTDJyczZ0aV9lVmxiZmhiaDB5OVpWbkFEN2Q1SE95ZVZEeDZSak81bUdlc2FRPT18GQZ2SRQNVYR0tlLxT0KgteGZkzrpjnZKEz2t4thNUBE=; Path=/; Max-Age=31536000; HttpOnly; Secure; SameSite=None, zitadel.quota.exhausted=; Path=/; Max-Age=0; SameSite=Lax', 'vary': 'Origin,Cookie', 'x-robots-tag': 'none', 'content-length': '63', 'date': 'Wed, 16 Jul 2025 08:36:49 GMT', 'server': 'Google Frontend', 'traceparent': '00-32ebc9e7e38f5ba6c18ad48af5014918-abcec5a3877d2b7e-00', 'x-cloud-trace-context': '32ebc9e7e38f5ba6c18ad48af5014918/12380049731831540606', 'via': '1.1 google', 'strict-transport-security': 'max-age=63072000; includeSubDomains; preload', 'x-cache-hit': 'uncacheable', 'alt-svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000'}

Response: {"error":"server_error","error_description":"Errors.Internal"}

Response status: 500
Response headers: {'cache-control': 'no-store', 'content-type': 'application/json', 'expires': 'Wed, 16 Jul 2025 07:36:49 GMT', 'pragma': 'no-cache', 'set-cookie': '__Host-zitadel.useragent=MTc1MjY1NTAwOXx4eVNOYTJLMm5CeUZTRndJc3NLS1FyNHdpQzc3eFlwVVk4SHdFNmRFRWkxVEhGNjdqTDJyczZ0aV9lVmxiZmhiaDB5OVpWbkFEN2Q1SE95ZVZEeDZSak81bUdlc2FRPT18GQZ2SRQNVYR0tlLxT0KgteGZkzrpjnZKEz2t4thNUBE=; Path=/; Max-Age=31536000; HttpOnly; Secure; SameSite=None, zitadel.quota.exhausted=; Path=/; Max-Age=0; SameSite=Lax', 'vary': 'Origin,Cookie', 'x-robots-tag': 'none', 'content-length': '63', 'date': 'Wed, 16 Jul 2025 08:36:49 GMT', 'server': 'Google Frontend', 'traceparent': '00-32ebc9e7e38f5ba6c18ad48af5014918-abcec5a3877d2b7e-00', 'x-cloud-trace-context': '32ebc9e7e38f5ba6c18ad48af5014918/12380049731831540606', 'via': '1.1 google', 'strict-transport-security': 'max-age=63072000; includeSubDomains; preload', 'x-cache-hit': 'uncacheable', 'alt-svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000'}

Response: {"error":"server_error","error_description":"Errors.Internal"}

Response status: 500
Response headers: {'cache-control': 'no-store', 'content-type': 'application/json', 'expires': 'Wed, 16 Jul 2025 07:36:49 GMT', 'pragma': 'no-cache', 'set-cookie': '__Host-zitadel.useragent=MTc1MjY1NTAwOXx4eVNOYTJLMm5CeUZTRndJc3NLS1FyNHdpQzc3eFlwVVk4SHdFNmRFRWkxVEhGNjdqTDJyczZ0aV9lVmxiZmhiaDB5OVpWbkFEN2Q1SE95ZVZEeDZSak81bUdlc2FRPT18GQZ2SRQNVYR0tlLxT0KgteGZkzrpjnZKEz2t4thNUBE=; Path=/; Max-Age=31536000; HttpOnly; Secure; SameSite=None, zitadel.quota.exhausted=; Path=/; Max-Age=0; SameSite=Lax', 'vary': 'Origin,Cookie', 'x-robots-tag': 'none', 'content-length': '63', 'date': 'Wed, 16 Jul 2025 08:36:49 GMT', 'server': 'Google Frontend', 'traceparent': '00-32ebc9e7e38f5ba6c18ad48af5014918-abcec5a3877d2b7e-00', 'x-cloud-trace-context': '32ebc9e7e38f5ba6c18ad48af5014918/12380049731831540606', 'via': '1.1 google', 'strict-transport-security': 'max-age=63072000; includeSubDomains; preload', 'x-cache-hit': 'uncacheable', 'alt-svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000'}

Response: {"error":"server_error","error_description":"Errors.Internal"}

Response status: 500
Response headers: {'cache-control': 'no-store', 'content-type': 'application/json', 'expires': 'Wed, 16 Jul 2025 07:36:49 GMT', 'pragma': 'no-cache', 'set-cookie': '__Host-zitadel.useragent=MTc1MjY1NTAwOXx4eVNOYTJLMm5CeUZTRndJc3NLS1FyNHdpQzc3eFlwVVk4SHdFNmRFRWkxVEhGNjdqTDJyczZ0aV9lVmxiZmhiaDB5OVpWbkFEN2Q1SE95ZVZEeDZSak81bUdlc2FRPT18GQZ2SRQNVYR0tlLxT0KgteGZkzrpjnZKEz2t4thNUBE=; Path=/; Max-Age=31536000; HttpOnly; Secure; SameSite=None, zitadel.quota.exhausted=; Path=/; Max-Age=0; SameSite=Lax', 'vary': 'Origin,Cookie', 'x-robots-tag': 'none', 'content-length': '63', 'date': 'Wed, 16 Jul 2025 08:36:49 GMT', 'server': 'Google Frontend', 'traceparent': '00-32ebc9e7e38f5ba6c18ad48af5014918-abcec5a3877d2b7e-00', 'x-cloud-trace-context': '32ebc9e7e38f5ba6c18ad48af5014918/12380049731831540606', 'via': '1.1 google', 'strict-transport-security': 'max-age=63072000; includeSubDomains; preload', 'x-cache-hit': 'uncacheable', 'alt-svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000'}

Response: {"error":"server_error","error_description":"Errors.Internal"}

Attached, you can find my Python script that I used for debugging.

Is there a way for me to see the server logs to understand the "Errors.Internal" ?
Could there be an issue at Zitadel's side?

test_zitadel_jwt.py5.21KB

Service User - Oauth token fetch Fails with 500 Internal Error

Similar Threads

Similar Threads

Similar Threads