Forums Bug Reports Thread

Password change must propagate to mobieusID (id.mobieus.io)

Patrick Bass · May 26 · 22 · 1 Locked
[Major] [High Priority] [Bug Fixed] [Always Reproduces]
Oldest Newest Top
Patrick Bass 🚀 OP May 26, 2026 9:09am

What happens: Password change mechanisms in the tenant app need to actually update the credential in id.mobieus.io (Zitadel). If a user changes their password through the platform UI, the change must propagate to the IdP so the new password works at next sign-in.

Expected: Password changes flow through to mobieusID via the Zitadel Management API so users can sign in with their new credentials.

Impact: Users who change passwords through the platform may find their new password does not work at next login.

Patrick Bass
@mobieus

Patrick Bass 🚀 May 26, 2026 9:32am

Resolved. Added ZitadelManagementClient::setPassword() method. Password changes in AccountController now push the new credential to Zitadel after the local hash update. Non-fatal: if the Zitadel call fails, a warning is logged and the user is notified but the local change stands. Deployed to all tenants.

Patrick Bass
@mobieus

Related Discussions

Admin "Reset Password" and "Clear Lockout" must work with mobieusID
Bug Reports · 1 replies · 28 views
Crawler config files (robots.txt, sitemap) must be tenant-specific
Bug Reports · 1 replies · 23 views
[Enhancement] Cross-cutting infra: Orphaned email template: email-change.php (superseded by two-step verification flow)
Feature Requests · 1 replies · 16 views
Email-change finalize does not re-check email uniqueness (TOCTOU) — surfaces a raw 500 instead of a clean error when the address is taken between request and finalize
Bug Reports · 1 replies · 17 views
Broken access control: any logged-in user can read/reply/change-status/assign ANY ticket via /help/api/tickets/*
Bug Reports · 1 replies · 20 views

Log in or register to reply to this thread.