Add missing openid scope when requesting JWT token (#2089)

According to the Zitadel documentation, `openid` scope is required when requesting JWT tokens. Apparently Zitadel was accepting requests without it until very recently. Now lack thereof causes 400 Bad Requests which makes it impossible to authenticate to the Netbird dashboard. https://zitadel.com/docs/guides/integrate/service-users/client-credentials#2-authenticating-a-service-user-and-request-a-token
2026-04-16 07:16:38 +00:00 · 2024-06-04 10:46:24 +02:00
parent 9b3449753e
commit 4da29451d0
1 changed files with 1 additions and 1 deletions
--- a/management/server/idp/zitadel.go
+++ b/management/server/idp/zitadel.go
@@ -154,7 +154,7 @@ func (zc *ZitadelCredentials) requestJWTToken() (*http.Response, error) {
 	data.Set("client_id", zc.clientConfig.ClientID)
 	data.Set("client_secret", zc.clientConfig.ClientSecret)
 	data.Set("grant_type", zc.clientConfig.GrantType)
-	data.Set("scope", "urn:zitadel:iam:org:project:id:zitadel:aud")
+	data.Set("scope", "openid urn:zitadel:iam:org:project:id:zitadel:aud")

 	payload := strings.NewReader(data.Encode())
 	req, err := http.NewRequest(http.MethodPost, zc.clientConfig.TokenEndpoint, payload)