Enabling TokenExchange is not working as expected
āUnsolvedāQuestionšŖ²Bugs
Hi! I arrive here after messing on every corner I could find and casting sessions with every major LLM out there.
Use-case: Customer auth / E2E app testing auth
Environment: Zitadel Cloud
Version: v4.9.1
Stack: Typescript / Playwright
What you expected to happen: An impersonation token is retrieved
What went wrong: API responds
I'm writing e2e tests for my app and I expect to be able to use impersonation. I enabled it on our cloud instance default settings UI. Org, Project and App do not show this option.
I expected this to be enough but the exchange response is consistently returning
Which suggests it's enabled at the instance level
Org's features, i.e.
Thanks!
Use-case: Customer auth / E2E app testing auth
Environment: Zitadel Cloud
Version: v4.9.1
Stack: Typescript / Playwright
What you expected to happen: An impersonation token is retrieved
What went wrong: API responds
Errors.TokenExchange.FeatureDisabled/v2/features/instanceI'm writing e2e tests for my app and I expect to be able to use impersonation. I enabled it on our cloud instance default settings UI. Org, Project and App do not show this option.
Allow ImpersonationI expected this to be enough but the exchange response is consistently returning
{"error":"invalid_request","error_description":"Errors.TokenExchange.FeatureDisabled"}https://my-instance-id.zitadel.cloud/v2/features/instance{"details":{"sequence":"16","changeDate":"2026-01-13T21:03:10.650582Z","resourceOwner":"XXXXXXXX8666"},..."oidcTokenExchange":{"enabled":true,"source":"SOURCE_INSTANCE"},...}Which suggests it's enabled at the instance level
Org's features, i.e.
https://my-instance-id.zitadel.cloud/v2/features/organization/XXXXXXXXXXXX202{"code":2,"message":"rpc error: code = Unimplemented desc = method GetOrganizationFeatures not implemented"}/v2/features/user/xxxxxxxxxxxxxxxx2838Thanks!
