spicypixel
ZITADEL
• Created by spicypixel on 5/28/2025 in #questions-help-bugs
Retrieving user roles and the shape of the data returned
I'm reading https://zitadel.com/docs/guides/integrate/retrieve-user-roles#retrieve-roles-from-the-userinfo-endpoint and implementing it in my frontend to be able to check through the `urn:zitadel:iam:org:project:{projectId}:roles` key(s) in my response.
In one org a user has a map response like documentation shows, in another org another user has an array of two maps.
Why would I be getting an array of two identical maps?
2 replies
ZITADEL
• Created by spicypixel on 11/14/2024 in #questions-help-bugs
Can you introspect using a service account JWT key or only application JWT keys?
Currently writing some middleware that introspects, but additionally does some calls to the management API, which currently means I need to include an application key and a service account key to get both Go clients working.
Is this always the case, or have I missed something and I can do introspection using a service account key?
2 replies
ZITADEL
• Created by spicypixel on 11/8/2024 in #questions-help-bugs
Uniqueness of resource IDs across multiple object types (orgs, users, projects...)
Do organization IDs and user IDs overlap? Or are they all globally unique uint64 values? Or, I guess more broadly, are all resource IDs unique in a ZITADEL installation regardless of the object they represent?
5 replies
ZITADEL
• Created by spicypixel on 10/29/2024 in #questions-help-bugs
Instance level introspection and how to do it?
Bit of a question but let's see how it goes.
I'm currently doing introspection like the examples document - as middleware on handlers on the backend services exposed to the internet via load balancers.
I'd like to centralise this for our network in the networking layer so that my access tokens are introspected and the relevant information from this is mapped to request headers for subsequent calls. This is because some of these calls are made in private networks with no network access and I'm using opaque tokens (and stuffing the information into the JWT access token isn't permitted).
The issue I'm having is that my network fronts multiple projects, and when I generate a token for the introspection via https://zitadel.com/docs/guides/integrate/token-introspection/private-key-jwt as a guide, I'm finding only grants/roles are included in the introspection response if they are matching the same project as the private key JWT was made from - this feels obvious but has left me with a question.
Is it possible to do centralised introspection of any access token, against any project on my instance so I can map an opaque token to some headers (e.g. x-user-id)?
2 replies
ZITADEL
• Created by spicypixel on 10/15/2024 in #questions-help-bugs
Can you add claims via Actions scripts with service account tokens?
Hey all, I've been using Actions v1 scripts to embed the orgId into my JWT so my applications can get some org context just from the token. Is this something you can do with the service account tokens generated via the client credentials flow?
3 replies
ZITADEL
• Created by spicypixel on 9/18/2024 in #questions-help-bugs
Locked out for repeated password incorrect failures (as expected) but offers registration?
Hey just wondering about some behaviour I've noticed around login lockouts - I have my defaults for the instance set to lock an account if they have failed their password 3 times in a row, pretty standard stuff.
This does show an account is locked warning when this happens, but if they navigate to the website again in a new tab it offers them to register via google/active directory (my external IdPs) rather than just telling them they're locked out and need to contact an administrator.
If they then register with an external IdP (assuming they have an account there) it unlocks the account and allows login - but I wish to keep an account locked at this point.
Is this expected behaviour/configurable?
1 reply
ZITADEL
• Created by spicypixel on 8/22/2024 in #questions-help-bugs
Duplicate logo on hosted login page

8 replies
ZITADEL
• Created by spicypixel on 8/21/2024 in #questions-help-bugs
NodeJS Call Cancelled uncaught exception when making call to zitadel API

7 replies