ZITADEL • 6mo ago
15 replies
profgriswald

Can't set user grants from info in user metadata set from external auth provider via Actions

Hey all. I might be missing something obvious here, but hope someone can point me in the right direction.

I'm self-hosting on v3.3.0 and trying to set up a user access flow using ActionsV1 and GitHub as the identity provider (via Dex) and seem to have hit a wall due to the availability of certain methods in Actions and their execution flow. This is a flow I had set up in Keycloak which, whilst pretty clunky, was working as expected.

I'm running Zitadel as an internal service to development teams. The flow I'm trying to set up is the following:
1. Internal user without an existing Zitadel account wants to access one of the clients, or accesses the Zitadel UI directly.
2. Zitadel prompts for login, user selects to sign in via GitHub
3. User authenticates successfully and gets redirected back to Zitadel
4. User is presented with the few profile fields to fill out and clicks "Register" to create their Zitadel user
5. Based on the GitHub teams list returned by Dex as part of 3, add user metadata to their Zitadel user containing a "primary" team and the full list of GitHub teams they're a member of
6. Automatically assign user grants for that user based on their team membership as defined in user metadata

I currently have two Actions configured: processGitHubLogin, which runs on the ExternalAuth flow at PostAuth, and grantInitialRoles, which also runs on the ExternalAuth flow at the PostCreation stage.