zitadel: OAuthErrorEvent: unable to retrieve client by id since version 2.5.0

Describe the bug

The server reports an error that the web browser shows in its console, when accessing the web UI at /ui/console whenever the user is logged in or not. The errors are reported from version 2.5.0 and onwards (to anybody reading this from the future, the current version is 2.10.0).

In the not logged in state, the following OAuth message is reported by the server:

(The JSON payload has been formatted for readability)

Uncaught (in promise): OAuthErrorEvent: 
{
    "type": "code_error",
    "reason": {},
    "params": {
        "error": "server_error",
        "error_description": "unable+to+retrieve+client+by+id",
        "state": "<redacted>"
    }
}

In the logged in state, seemingly related errors are returned by the server in the GRPC calls. A message in the browser console is:

could not read projectid by clientid (AUTH-GHpw2)

The payloads sent by the server don’t have more information that I can copy-paste here for examination.

To Reproduce The same client application behavior can be observed when logged in and not logged in, except for the messages reported in the browser console.

  1. Visit /ui/console
  2. The page visible to the user has no content (see screenshot).
  3. Open the browser dev tools console
  4. Notice the error(s)

Expected behavior I expect to be redirected to the login page or have the console with the required data, whichever is relevant according to the login state of the user.

Screenshots

A "blank" page with no error presented to the user

Desktop: Server side error, not applicable.

Smartphone: Server side error, not applicable.

Server: OS: Debian 11.5 Database: PostgreSQL 14

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Comments: 34 (29 by maintainers)

Most upvoted comments

The workaround seems to work properly on my installation, though time travelling might not be a good idea, as you’ve said in the comment of the SQL snippet. 😁

Nonetheless, accessing / redirects to /ui/console and finally to /ui/login/login?... without any errors. I can complete the login flow to the console, and an external application using Oauth2 with OIDC.

+2
lapin-b on Nov 29, 2022

I now simply created a new instance - as I already mentioned, in my case there was anyway just test and prototype data…

+1
CMiksche on Dec 8, 2022

hi @CMiksche the new release v2.14.0 will rise another error. Please wait for v2.14.1 before you upgrade

+1
adlerhurst on Dec 1, 2022

Now I had to set the rights again:

GRANT USAGE ON SCHEMA projections,auth,adminapi TO <myuser>;

And also the ownership of all new tables:

ALTER TABLE auth.locks OWNER TO <myuser>;

I started it afterwards and start-from-init failed because

caller="/home/runner/work/zitadel/zitadel/internal/migration/migration.go:51" error="FEHLER: Relation »current_sequences_instance_id_idx« existiert bereits (SQLSTATE 42P07)"
caller="/home/runner/work/zitadel/zitadel/cmd/setup/setup.go:112" error="FEHLER: Relation »current_sequences_instance_id_idx« existiert bereits (SQLSTATE 42P07)"

While start failed because:

FEHLER: Relation »projections.instances« existiert nicht (SQLSTATE 42P01)

But when I try to delete current_sequences_instance_id_idx, it shows me the following error:

DROP INDEX current_sequences_instance_id_idx;
FEHLER:  Index »current_sequences_instance_id_idx« existiert nicht

So I created a PR for that: https://github.com/zitadel/zitadel/pull/4798

+1
CMiksche on Nov 30, 2022
Read more comments on GitHub
← zitadel: Domain discovery (identity brokering) doesn't work
zitadel: Quickstart not working on Linux →