Linus, this hour

External OAuth2 provider Error:SetHumanProfile.GivenName: value length must be between 1 and 200 run

I use an external OAuth2 provider as an alternative to the default Zitadel login. Currently I'm facing the following error after a successful OAuth login flow:

"[invalid_argument] invalid AddHumanUserRequest.Profile: embedded message failed validation | caused by: invalid SetHumanProfile.GivenName: value length must be between 1 and 200 runes, inclusive"

Zitadel is requesting the OAuth2 user endpoint and getting the following example response:
{
    "sub": "8d4925e3-8f41-4e4d-9654-6c5f183fda06",
    "id": 200,
    "uuid": "8d4925e3-8f41-4e4d-9654-6c5f183fda06",
    "username": "j.doe",
    "name:": "John Doe",
    "salutation": "mr",
    "firstname": "John",
    "lastname": "Doe",
    "family_name": "Doe",
    "email": "john_doe@example.com",
    "given_name": "John",
    "givenName": "John" // tested with all several combinations "GivenName", "profile.givenName", "profile.given_name"..
}
Zitadel Settings:
- ID Attribute: "sub" (uuid is working as well)
- Scopes: "user:read"

Questions:
- Is there any example response in the docs where the correct user endpoint JSON structure is listed for the external OAuth2 IDP?
- Can anyone help with how the "given_name" must be formatted?

Thank you so much
1 Reply
Ask Inkeep, this hour
Hi @Linus, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.

Answer

I wasn't able to find a direct answer, here are some relevant sources:

1. Using Actions: This documentation shows how to use Actions to customize user data mapping from external providers, including token extension and user management workflows (1).
2. [Bug]: Generic OAuth IdP registration fails because IdP intent does not contain username (analysis included): This GitHub issue describes a similar problem where the generic OAuth provider mapper doesn't extract preferred_username claims and returns empty strings, with a suggestion to use Actions as a workaround (2).

The issue appears to be related to how ZITADEL's generic OAuth provider maps user attributes from your OAuth2 endpoint response. You may need to use Actions to properly map the user data from your provider's response format.

To learn more, see the sources I considered:
[1] Using Actions
[2] [Bug]: Generic OAuth IdP registration fails because IdP intent does not contain username (analysis included)

Feel free to tag @Ask Inkeep with additional questions.

Got it. Tagging @Rajat for additional help.
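One way to apply the Actions suggestion from the reply above, added here as an example (not code from the thread or from ZITADEL): a post-authentication mapping function that copies name claims only when they are strings within the 1 to 200 rune bound quoted in the error. The `(ctx, api)` signature, `ctx.v1.providerInfo` and the `api.setFirstName` / `setLastName` / `setEmail` setters are assumed from ZITADEL Actions v1; `runeLength`, `pickClaim`, `mapExternalUser` and the sample claims are hypothetical names and constructed data.

```javascript
// Added example, not ZITADEL's own code. Assumed from Actions v1: the
// (ctx, api) signature, ctx.v1.providerInfo, api.setFirstName/LastName/Email.

// Count Unicode code points ("runes"), not UTF-16 units, to match the
// 1..200 rune bound quoted in the error message.
function runeLength(s) {
  var n = 0;
  for (var i = 0; i < s.length; i++, n++) {
    var c = s.charCodeAt(i);
    if (c >= 0xd800 && c <= 0xdbff && i + 1 < s.length) {
      var d = s.charCodeAt(i + 1);
      if (d >= 0xdc00 && d <= 0xdfff) i++; // consume the low surrogate
    }
  }
  return n;
}

// Return the first listed claim that is a trimmed, non-empty string of at
// most 200 runes; numbers, objects and blank strings are rejected.
function pickClaim(claims, keys) {
  for (var i = 0; i < keys.length; i++) {
    var v = claims ? claims[keys[i]] : undefined;
    if (typeof v !== "string") continue;
    v = v.trim();
    var len = runeLength(v);
    if (len >= 1 && len <= 200) return v;
  }
  return null;
}

// Mapping function in the shape of an external-authentication Action.
// The returned object is only for inspection when running this stand-alone.
function mapExternalUser(ctx, api) {
  var claims = ctx.v1.providerInfo;
  var first = pickClaim(claims, ["given_name", "firstname"]);
  var last = pickClaim(claims, ["family_name", "lastname"]);
  var email = pickClaim(claims, ["email"]);
  if (first !== null) api.setFirstName(first);
  if (last !== null) api.setLastName(last);
  if (email !== null) api.setEmail(email);
  return { first: first, last: last, email: email };
}

// Constructed sample, modelled on the user endpoint response in the question.
var SAMPLE_CLAIMS = {
  username: "j.doe", firstname: "John", lastname: "Doe",
  family_name: "Doe", given_name: "John", email: "john_doe@example.com"
};
```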
