Login V1 + Actions V2: alternatives to "(Actions V1) External Authentication / Post Authentication"?
Is there any alternative to '(Actions V1) External Authentication / Post Authentication' on Actions V2 when using Login V1?
I see on the documentation (Migrate from Actions v1 to v2) suggestions to use the response of
/zitadel.user.v2.UserService/RetrieveIdentityProviderIntent, however from my own testing I see that action executions on that response are not triggered when using Login V1, only when using Login V2. I've tried with a few other similar responses, and none of them were triggered when using login V1 after a successful external authentication either:
I'm running Zitadel self-hosted, mostly on Zitadel v3.4.2, but also tried with Zitadel v4.6.2 and confirmed that /zitadel.user.v2.UserService/RetrieveIdentityProviderIntent is not triggered when using Login V1 on that version either...
Is this expected or a bug? I don't see it mentioned anywhere in the documentation that those should only work with Actions V2.
Is there any alternative to those if I want to execute an action following to external authentications (using Actions V2)?4 Replies
Hi @bawsky, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.
Answer
I wasn't able to find a direct answer about Login V1 compatibility with Actions V2 response triggers in the available sources. Here are some potentially relevant sources:
1. Migrate from Actions v1 to v2 (1) : This guide shows the migration path for external authentication, specifically mentioning handling information mapping through the response on
/zitadel.user.v2.UserService/RetrieveIdentityProviderIntent, but doesn't explicitly state Login V1 vs V2 compatibility.
2. Test Actions Response Manipulation (2) : Provides examples of response manipulation for /zitadel.user.v2.UserService/RetrieveIdentityProviderIntent without specifying Login version requirements.
The sources don't explicitly document whether Actions V2 response triggers work with Login V1 or if they require Login V2. This appears to be a gap in the documentation regarding compatibility between Login versions and Actions V2.
Would you like me to provide a general answer based on my knowledge instead? Alternatively, I'd recommend:
- Visit Contact
- Visit GitHub
- Visit Discord
ā
To learn more, see the sources I considered:
[1] Migrate from Actions v1 to v2
[2] Test Actions Response Manipulation
ā
Feel free to tag @Ask Inkeep with additional questions.
Got it. Tagging @Rajat for additional help.Btw I also tried setting
condition: { request: "all" } and condition: { response: "all" } (screenshot attached from my local testing environment)
...but even doing that, my webhook server didn't receive any request after a successful V1 external authentication š
For now I'm workarounding using the function preaccesstoken (which does work - confirming that my webhook server is reacheable), which doesn't really include all information that I'd like to work with, so not really ideal
I've also attempted to work with the oidc_session.added event, but found out that action executions on events aren't really synchronous so it's also not ideal (my frontend receives the access token from zitadel before my server process the event payload)
Hey @Rajat , do you know if there's any known compability gotchas between Actions v2 and Login v1? Could it be that this a bug I stumbled on?
I'd be happy to open a GitHub issue if this looks like a bug
We're currently reliant on Login V1 so it's in our best interest in seeing it fully compatible with other Zitadel features (or at least clear documentation on where it may not have full compatibility)
hey @bawsky we are not aware of any compatibility issues. I need more time right now to reproduce this so could be a bug if you tested similar behavior multipule times.