ZITADEL•4mo ago•
7 replies
Oscar

AddIDPLink Failing with COMMAND-39nf2

Env: Self-hosted
Version: Latest
Stack: Docker here (using k8s in prod)



I'm trying to link a user to an IDP account, but I'm having some trouble.

My flow is like this:
1. User enters loginName
2. Create session, get userId, OrgId (and from that, login policy)
3. Get IDP id from login policy
4. Begin IDP intent
5. When that comes back, since userId is not given as a param, try to register user to idp:
6. Fetch the IDP intent response (to get idpUserId, idpUsername etc.)
7. Try to add link using the above.
8. Use in session flow


Everything up to 7 seems to be working as expected.

The login policy pulled for my user looks like:
{
  ...,
  idps: [{
    idpId: "123",
    idpName: "xyz",
    idpType: "IDP_TYPE_OIDC"
  }]
}



But when I go to link, I get the following error:
{
  code: 9,
  message: "Identity Provider Configuration doesn't exist (COMMAND-39nf2)",
  details: [
    {
      id: 'COMMAND-39nf2',
      message: "Identity Provider Configuration doesn't exist",
      '@type': 'type.googleapis.com/zitadel.v1.ErrorDetail'
    }
  ]
}


With Zitadel logging:
time="2025-09-26T16:57:22Z" level=info msg=activity caller="/home/runner/work/zitadel/zitadel/internal/activity/activity.go:105" domain="http://localhost:4000" grpcStatus=9 httpStatus=400 instance=338537221218918664 isSystemUser=false method=/zitadel.user.v2.UserService/AddIDPLink org=2 path=/v2/users/339565371126210824/links requestMethod=POST trigger=resourceAPI user=338537221219770632


The orgId here is correct, the id in the path is correct (the user=<id> is my login client service user) - so I'm not really sure what the issue is?

Am I doing something fundamentally wrong here? Or is this a bug?
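
Added example, not part of the original post and not ZITADEL code: a small triage helper that parses the activity log line quoted above and separates the calling principal from the target user, the recorded org and the gRPC outcome. The function names and the reading of `user=` as the caller (as the post describes it) are assumptions of this example.

```python
import re
import shlex

# gRPC status codes useful for triage (names from the gRPC specification).
GRPC_STATUS = {0: "OK", 3: "INVALID_ARGUMENT", 5: "NOT_FOUND",
               7: "PERMISSION_DENIED", 9: "FAILED_PRECONDITION",
               16: "UNAUTHENTICATED"}

# The activity line quoted in the post, embedded so the example runs offline.
SAMPLE = ('time="2025-09-26T16:57:22Z" level=info msg=activity '
          'caller="/home/runner/work/zitadel/zitadel/internal/activity/activity.go:105" '
          'domain="http://localhost:4000" grpcStatus=9 httpStatus=400 '
          'instance=338537221218918664 isSystemUser=false '
          'method=/zitadel.user.v2.UserService/AddIDPLink org=2 '
          'path=/v2/users/339565371126210824/links requestMethod=POST '
          'trigger=resourceAPI user=338537221219770632')

def parse_logfmt(line):
    """Split a logfmt line into a dict, honouring double-quoted values."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:  # skip bare words that carry no key=value pair
            fields[key] = value
    return fields

def summarize_activity(line):
    """Return who called which RPC on which user, and how it ended."""
    f = parse_logfmt(line)
    code = int(f.get("grpcStatus", -1))
    target = re.match(r"^/v2/users/([^/]+)(?:/|$)", f.get("path", ""))
    target_id = target.group(1) if target else None
    return {
        "rpc": f.get("method", "").rsplit("/", 1)[-1],
        "caller": f.get("user"),        # assumption: authenticated principal
        "target_user": target_id,       # user id taken from the request path
        "org": f.get("org"),            # org recorded for the request
        "instance": f.get("instance"),
        "grpc_status": GRPC_STATUS.get(code, str(code)),
        "http_status": int(f.get("httpStatus", 0)),
        "caller_is_target": target_id is not None and target_id == f.get("user"),
    }

if __name__ == "__main__":
    for key, value in summarize_activity(SAMPLE).items():
        print(f"{key:17} {value}")
```

For the quoted line this reports `AddIDPLink` ending in `FAILED_PRECONDITION` (gRPC 9, HTTP 400), with the caller and the target user as two different ids.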