Noah
Noah2w ago

Login V2 not working with virtual instance?

Hi, I'm trying to test out the virtual instance functionality, but I'm running into a problem when trying to sign in to the non-default instance. I'm running the standard docker compose from the docs (https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/deploy/docker-compose.yaml), except for the fact that I added a system api user via the ZITADEL_SYSTEMAPIUSERS env var. The default instance works fine. I can go to localhost:8080 and it'll redirect me to :3000 for the login v2 ui, which allows me to login just fine. I then decided to create a virtual instance via /system/v1/instances/_create to test the virtual instance system. I gave it the custom domain test.localhost. The instance creation succeeds, but when I now go to test.localhost:8080 it redirects me to localhost:3000, which shows a blank http500 page. Even if I try to correct the url to test.localhost:3000, it still errors out. I looked in the docker logs and I see the following: 
zitadel-1  | 2025-08-27T16:46:42.329445661Z time="2025-08-27T16:46:42Z" level=error msg="query authRequest by ID" caller="/home/runner/work/zitadel/zitadel/internal/api/grpc/oidc/v2/oidc.go:25" error="ID=QUERY-Thee9 Message=Errors.AuthRequest.NotExisting Parent=(sql: no rows in result set)"
login-1    | 2025-08-27T16:46:42.335941960Z Error [ConnectError]: [not_found] Auth Request does not exist (QUERY-Thee9)
login-1    | 2025-08-27T16:46:42.335961340Z     at u (.next/server/chunks/2834.js:2:24661)
login-1    | 2025-08-27T16:46:42.335964210Z     at w (.next/server/chunks/2834.js:2:25793)
login-1    | 2025-08-27T16:46:42.335966570Z     at next (.next/server/chunks/2834.js:2:61974)
login-1    | 2025-08-27T16:46:42.335968820Z     at async Object.unary (.next/server/chunks/2834.js:2:60706)
login-1    | 2025-08-27T16:46:42.335980150Z     at async Object.i [as getAuthRequest] (.next/server/chunks/2834.js:10:9543)
login-1    | 2025-08-27T16:46:42.335981750Z     at async T (.next/server/app/login/route.js:1:6629)
login-1    | 2025-08-27T16:46:42.335983140Z     at async k (.next/server/app/login/route.js:13:2803) {
login-1    | 2025-08-27T16:46:42.335984630Z   rawMessage: 'Auth Request does not exist (QUERY-Thee9)',
login-1    | 2025-08-27T16:46:42.335985960Z   code: 5,
login-1    | 2025-08-27T16:46:42.335987270Z   metadata: Headers {
login-1    | 2025-08-27T16:46:42.335988640Z     'grpc-message': 'Auth Request does not exist (QUERY-Thee9)',
login-1    | 2025-08-27T16:46:42.335989980Z     'grpc-status': '5',
login-1    | 2025-08-27T16:46:42.335991310Z     'grpc-status-details-bin': 'CAUSKUF1dGggUmVxdWVzdCBkb2VzIG5vdCBleGlzdCAoUVVFUlktVGhlZTkpGlgKKnR5cGUuZ29vZ2xlYXBpcy5jb20veml0YWRlbC52MS5FcnJvckRldGFpbBIqCgtRVUVSWS1UaGVlORIbQXV0aCBSZXF1ZXN0IGRvZXMgbm90IGV4aXN0',
login-1    | 2025-08-27T16:46:42.335992810Z     'content-type': 'application/grpc+proto',
login-1    | 2025-08-27T16:46:42.335994130Z     date: 'Wed, 27 Aug 2025 16:46:42 GMT',
login-1    | 2025-08-27T16:46:42.335995450Z     'grpc-accept-encoding': 'gzip',
login-1    | 2025-08-27T16:46:42.335996760Z     'grpc-encoding': 'gzip',
login-1    | 2025-08-27T16:46:42.335998060Z     vary: 'Origin',
login-1    | 2025-08-27T16:46:42.335999310Z     'x-robots-tag': 'none'
login-1    | 2025-08-27T16:46:42.336000720Z   },
login-1    | 2025-08-27T16:46:42.336002110Z   details: [Array],
login-1    | 2025-08-27T16:46:42.336003460Z   cause: undefined
login-1    | 2025-08-27T16:46:42.336004710Z }
zitadel-1  | 2025-08-27T16:46:42.329445661Z time="2025-08-27T16:46:42Z" level=error msg="query authRequest by ID" caller="/home/runner/work/zitadel/zitadel/internal/api/grpc/oidc/v2/oidc.go:25" error="ID=QUERY-Thee9 Message=Errors.AuthRequest.NotExisting Parent=(sql: no rows in result set)"
login-1    | 2025-08-27T16:46:42.335941960Z Error [ConnectError]: [not_found] Auth Request does not exist (QUERY-Thee9)
login-1    | 2025-08-27T16:46:42.335961340Z     at u (.next/server/chunks/2834.js:2:24661)
login-1    | 2025-08-27T16:46:42.335964210Z     at w (.next/server/chunks/2834.js:2:25793)
login-1    | 2025-08-27T16:46:42.335966570Z     at next (.next/server/chunks/2834.js:2:61974)
login-1    | 2025-08-27T16:46:42.335968820Z     at async Object.unary (.next/server/chunks/2834.js:2:60706)
login-1    | 2025-08-27T16:46:42.335980150Z     at async Object.i [as getAuthRequest] (.next/server/chunks/2834.js:10:9543)
login-1    | 2025-08-27T16:46:42.335981750Z     at async T (.next/server/app/login/route.js:1:6629)
login-1    | 2025-08-27T16:46:42.335983140Z     at async k (.next/server/app/login/route.js:13:2803) {
login-1    | 2025-08-27T16:46:42.335984630Z   rawMessage: 'Auth Request does not exist (QUERY-Thee9)',
login-1    | 2025-08-27T16:46:42.335985960Z   code: 5,
login-1    | 2025-08-27T16:46:42.335987270Z   metadata: Headers {
login-1    | 2025-08-27T16:46:42.335988640Z     'grpc-message': 'Auth Request does not exist (QUERY-Thee9)',
login-1    | 2025-08-27T16:46:42.335989980Z     'grpc-status': '5',
login-1    | 2025-08-27T16:46:42.335991310Z     'grpc-status-details-bin': 'CAUSKUF1dGggUmVxdWVzdCBkb2VzIG5vdCBleGlzdCAoUVVFUlktVGhlZTkpGlgKKnR5cGUuZ29vZ2xlYXBpcy5jb20veml0YWRlbC52MS5FcnJvckRldGFpbBIqCgtRVUVSWS1UaGVlORIbQXV0aCBSZXF1ZXN0IGRvZXMgbm90IGV4aXN0',
login-1    | 2025-08-27T16:46:42.335992810Z     'content-type': 'application/grpc+proto',
login-1    | 2025-08-27T16:46:42.335994130Z     date: 'Wed, 27 Aug 2025 16:46:42 GMT',
login-1    | 2025-08-27T16:46:42.335995450Z     'grpc-accept-encoding': 'gzip',
login-1    | 2025-08-27T16:46:42.335996760Z     'grpc-encoding': 'gzip',
login-1    | 2025-08-27T16:46:42.335998060Z     vary: 'Origin',
login-1    | 2025-08-27T16:46:42.335999310Z     'x-robots-tag': 'none'
login-1    | 2025-08-27T16:46:42.336000720Z   },
login-1    | 2025-08-27T16:46:42.336002110Z   details: [Array],
login-1    | 2025-08-27T16:46:42.336003460Z   cause: undefined
login-1    | 2025-08-27T16:46:42.336004710Z }
If I had to guess what's happening here I'd say the zitadel instance is looking up the auth request for the wrong virtual instance and is failing because it won't exist for the default instance. That said, I'm not knowledgeable enough about how zitadel works to know how to properly debug or fix this. If anyone knows how to solve this issue or how to help me debug, help would be much appreciated. Thanks!
3 Replies
Ask Inkeep
Ask Inkeep2w ago
Hi @Noah, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question. Answer I wasn't able to find a direct answer, here are some relevant sources: 1. External ZITADEL Access : This explains how ZITADEL uses the Host header to determine which virtual instance to use, and covers configuration for ExternalDomain, ExternalPort, and ExternalSecure settings. 2. Issue with authorization request details : A similar issue where someone experienced authorization request problems in a KinD cluster setup, with the error suggesting protocol or domain configuration issues. If you'd like me to click the "Ask for help" button to tag a team member for assistance with this virtual instance configuration issue, let me know! Feel free to tag @Ask Inkeep with additional questions. Got it. Tagging @Rajat for additional help.
Noah
NoahOP2w ago
For what it's worth: this also happens on a kubernetes deployment where the login ui v2 lives at /ui/v2/login
fcoppede
fcoppede7d ago
hello @Noah thanks for reaching out! I will review this with my team and get back to you shortly

Did you find this page helpful?