Issue: Session API Returns "membership not found" Error Despite Correct Permissions

Hey team!

I'm getting a membership not found (AUTHZ-cdgFk) error when trying to create sessions via POST /v2/sessions, even though my service account seems properly configured.

Setup:

Zitadel running in Docker (localhost:8081)
Service account created at Organization level
Service account has Org Owner role
Using PAT token for authentication
Users exist in the same organization as the service account and i double checked the password

request :

POST /v2/sessions
Authorization: Bearer {PAT_TOKEN}

{
  "checks": {
    "user": {
      "loginName": "lcanavaggio@wedigital.garden"
    },
    "password": {
      "password": "Azerty1234****"
    }
  }
}

POST /v2/sessions
Authorization: Bearer {PAT_TOKEN}

{
  "checks": {
    "user": {
      "loginName": "lcanavaggio@wedigital.garden"
    },
    "password": {
      "password": "Azerty1234****"
    }
  }
}

POST /v2/sessions
Authorization: Bearer {PAT_TOKEN}

{
  "checks": {
    "user": {
      "loginName": "lcanavaggio@wedigital.garden"
    },
    "password": {
      "password": "Azerty1234****"
    }
  }
}

POST /v2/sessions
Authorization: Bearer {PAT_TOKEN}

{
  "checks": {
    "user": {
      "loginName": "lcanavaggio@wedigital.garden"
    },
    "password": {
      "password": "Azerty1234****"
    }
  }
}

Error :

{
  "code": 5,
  "message": "membership not found (AUTHZ-cdgFk)",
  "details": [
    {
      "@type": "type.googleapis.com/zitadel.v1.ErrorDetail",
      "id": "AUTHZ-cdgFk",
      "message": "membership not found"
    }
  ]
}

{
  "code": 5,
  "message": "membership not found (AUTHZ-cdgFk)",
  "details": [
    {
      "@type": "type.googleapis.com/zitadel.v1.ErrorDetail",
      "id": "AUTHZ-cdgFk",
      "message": "membership not found"
    }
  ]
}

{
  "code": 5,
  "message": "membership not found (AUTHZ-cdgFk)",
  "details": [
    {
      "@type": "type.googleapis.com/zitadel.v1.ErrorDetail",
      "id": "AUTHZ-cdgFk",
      "message": "membership not found"
    }
  ]
}

{
  "code": 5,
  "message": "membership not found (AUTHZ-cdgFk)",
  "details": [
    {
      "@type": "type.googleapis.com/zitadel.v1.ErrorDetail",
      "id": "AUTHZ-cdgFk",
      "message": "membership not found"
    }
  ]
}

Use Case: Building a backend service that needs to validate user credentials (username + password) for login purposes. We manage our own JWT tokens after validation.
Any guidance would be much appreciated!

Ask Inkeep•11/28/25, 2:01 PM

Hi @NinjqTune, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.

Ask Inkeep•11/28/25, 2:01 PM

Answer

The "membership not found (AUTHZ-cdgFk) " error occurs because your service account needs the IAM_OWNER role, not just the Org Owner role (1) (2) .

To resolve this:

Navigate to /ui/console/instance/members/ui/console/instance/members in your ZITADEL console questions-help-bugsUsing Admin API with Service Account in multi tenant setup is returning 403
Add your service account as a member with the IAM_OWNER role (1) (2)

The Org Owner role alone is insufficient for calling the /v2/sessions/v2/sessions endpoint . After assigning the IAM_OWNER role to your service account, your session creation requests should work .

Note: Personal Access Tokens (PATs) for service accounts can be generated, but they are long-lived bearer tokens that should be stored securely (4) . For your use case of validating user credentials in a backend service, consider whether the Client Credentials flow or Private Key JWT might be more appropriate authentication methods for your service account .

Ask Inkeep•11/28/25, 2:01 PM

To learn more, see the sources I considered:

[1] V2 session returning "membership not found"
[2] [Bug]: missing translation error during calls to /v2/sessions
questions-help-bugsUsing Admin API with Service Account in multi tenant setup is returning 403
[4] Securing CLI and CI/CD flows with ZITADEL

Ask Inkeep•11/28/25, 2:01 PM

Feel free to tag @Ask Inkeep with additional questions.

AAsk Inkeep To learn more, see the sources I considered: [[1] V2 session returning "membe...

Ask InkeepAPP•11/28/25, 2:05 PM

Glad I could be helpful. Feel free to create a new thread with any new questions you may have.