Skip to main content

Migrate from Actions v1 to v2

In this guide, you will have all necessary information to migrate from Actions v1 to Actions v2 with all currently available Flow Types.

Internal Authentication​

Post Authentication​

A user has authenticated directly at ZITADEL. ZITADEL validated the users inputs for password, one-time password, security key or passwordless factor.

To react to different authentication actions, the session service, zitadel.session.v2.SessionService, provides the different endpoints. As a rule of thumb, use response triggers if you primarily want to handle successful and failed authentications. On the other hand, use event triggers if you need more fine-granular handling, for example by the used authentication factors.

Some use-cases:

  • Handle successful authentication through the response of /zitadel.session.v2.SessionService/CreateSession and /zitadel.session.v2.SessionService/SetSession, Action Response Example
  • Handle failed authentication through the response of /zitadel.session.v2.SessionService/CreateSession and /zitadel.session.v2.SessionService/SetSession, Action Response Example
  • Handle session with password checked through the creation of event session.password.checked, Action Event Example
  • Handle successful authentication through the creation of event user.human.password.check.succeeded, Action Event Example
  • Handle failed authentication through the creation of event user.human.password.check.failed, Action Event Example

Pre Creation​

A user registers directly at ZITADEL. ZITADEL did not create the user yet.

Some use-cases:

Post Creation​

A user registers directly at ZITADEL.
ZITADEL successfully created the user.

Some use-cases:

External Authentication​

Post Authentication​

A user has authenticated externally. ZITADEL retrieved and mapped the external information.

Some use-cases:

  • Handle the information mapping from the external authentication to internal structure through the response on /zitadel.user.v2.UserService/RetrieveIdentityProviderIntent, Action Response Example
    • information about the link to the external IDP available in the response under idpInformation
    • information if a new user has to be created available in the response under addHumanUser, including metadata and link to external IDP

Pre Creation​

A user registers directly at ZITADEL. ZITADEL did not create the user yet.

Some use-cases:

Post Creation​

A user registers directly at ZITADEL.
ZITADEL successfully created the user.

Some use-cases:

Complement Token​

These are executed during the creation of tokens and token introspection.

Pre Userinfo​

These are called before userinfo are set in the id_token or userinfo and introspection endpoint response.

Some use-cases:

Pre Access Token​

These are called before the claims are set in the access token and the token type is jwt.

Some use-cases:

Customize SAML Response​

These are executed before the return of the SAML Response.

Pre SAMLResponse Creation​

These are called before attributes are set in the SAMLResponse.

Some use-cases: