Selfhosted Netbird w/ Zitadel - cross domain logins
Hey Hey!
I am now setting up netbird again but with Zitadel, everything works well if users that exist in the same organization as the netbird project, as in all their information is correctly pulled into netbird. However, I also need to allow external users to log in on a selective basis. I am planning on doing so by creating a new organization lets call it "external-org" and create my external users in this org then allowing them a role for netbird via organization grants.
These new external users are able to log in okay, however their information is not pulled in correctly... Only their zitadel user ID is pulled in, no email, user name nothing. Has anyone seen this or has any ideas on what I could do to allow external user info to be pulled in?
I am running Zitadel V3.0.4 and Netbird V0.43.3
Things I have already setup:
1. Given my external-org a grant to my netbird project in the default org, this grant allows the role "external-users" to be applied to well the external users. This allows my external users to log in to netbird
2. In zitadel, on my netbird project, I have selected the options "Assert Roles on Authentication" and "Check authorization on Authentication" to limit users who can log into netbird only if they have the applicable roles applied to them
3. In my netbird application, I have selected the token option "Add user roles to the access token"
4. In my external-org, I have made my netbird service user account an org user manager as well as per this github comment https://github.com/netbirdio/netbird/issues/2620#issuecomment-2567480880
Things I have tried to no avail:
1. Giving the external user a role directly from my netbird project in the default organization.
2. In my netbird application token settings, checking the options "User roles inside ID Token" and "User Info inside ID Token"
I have now run out of things to try. If anyone has any ideas, I would love to hear!
I am now setting up netbird again but with Zitadel, everything works well if users that exist in the same organization as the netbird project, as in all their information is correctly pulled into netbird. However, I also need to allow external users to log in on a selective basis. I am planning on doing so by creating a new organization lets call it "external-org" and create my external users in this org then allowing them a role for netbird via organization grants.
These new external users are able to log in okay, however their information is not pulled in correctly... Only their zitadel user ID is pulled in, no email, user name nothing. Has anyone seen this or has any ideas on what I could do to allow external user info to be pulled in?
I am running Zitadel V3.0.4 and Netbird V0.43.3
Things I have already setup:
1. Given my external-org a grant to my netbird project in the default org, this grant allows the role "external-users" to be applied to well the external users. This allows my external users to log in to netbird
2. In zitadel, on my netbird project, I have selected the options "Assert Roles on Authentication" and "Check authorization on Authentication" to limit users who can log into netbird only if they have the applicable roles applied to them
3. In my netbird application, I have selected the token option "Add user roles to the access token"
4. In my external-org, I have made my netbird service user account an org user manager as well as per this github comment https://github.com/netbirdio/netbird/issues/2620#issuecomment-2567480880
Things I have tried to no avail:
1. Giving the external user a role directly from my netbird project in the default organization.
2. In my netbird application token settings, checking the options "User roles inside ID Token" and "User Info inside ID Token"
I have now run out of things to try. If anyone has any ideas, I would love to hear!
GitHub
When a user register himself, the user entry in Netbird does not show his name but his Zitadel ID. This happen when you create a new organization in Zitadel and grant access to Netbird to that orga...
