diff --git a/docs/docs/apis/proto/admin.md b/docs/docs/apis/proto/admin.md
index a7f99da429..7c0e4bc145 100644
--- a/docs/docs/apis/proto/admin.md
+++ b/docs/docs/apis/proto/admin.md
@@ -272,6 +272,30 @@ Checks whether an organisation exists by the given parameters
GET: /orgs/_is_unique
+### SetDefaultOrg
+
+> **rpc** SetDefaultOrg([SetDefaultOrgRequest](#setdefaultorgrequest))
+[SetDefaultOrgResponse](#setdefaultorgresponse)
+
+Set the default org
+
+
+
+ PUT: /orgs/default/{org_id}
+
+
+### GetDefaultOrg
+
+> **rpc** GetDefaultOrg([GetDefaultOrgRequest](#getdefaultorgrequest))
+[GetDefaultOrgResponse](#getdefaultorgresponse)
+
+Set the default org
+
+
+
+ GET: /orgs/default
+
+
### ListOrgs
> **rpc** ListOrgs([ListOrgsRequest](#listorgsrequest))
@@ -1964,6 +1988,23 @@ This is an empty request
+### GetDefaultOrgRequest
+This is an empty request
+
+
+
+
+### GetDefaultOrgResponse
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| org | zitadel.org.v1.Org | - | |
+
+
+
+
### GetDefaultPasswordResetMessageTextRequest
@@ -3256,6 +3297,28 @@ This is an empty request
+### SetDefaultOrgRequest
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| org_id | string | - | string.min_len: 1
string.max_len: 200
|
+
+
+
+
+### SetDefaultOrgResponse
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| details | zitadel.v1.ObjectDetails | - | |
+
+
+
+
### SetDefaultPasswordResetMessageTextRequest
diff --git a/docs/docs/apis/proto/management.md b/docs/docs/apis/proto/management.md
index 3498aa9aed..44505cc2d7 100644
--- a/docs/docs/apis/proto/management.md
+++ b/docs/docs/apis/proto/management.md
@@ -4701,8 +4701,9 @@ This is an empty request
| Field | Type | Description | Validation |
| ----- | ---- | ----------- | ----------- |
-| global_org_id | string | - | |
+| global_org_id | string | deprecated: use default_org_id instead | |
| iam_project_id | string | - | |
+| default_org_id | string | - | |
diff --git a/internal/api/authz/instance.go b/internal/api/authz/instance.go
index dcbd4f090e..7b79030f6b 100644
--- a/internal/api/authz/instance.go
+++ b/internal/api/authz/instance.go
@@ -18,6 +18,7 @@ type Instance interface {
RequestedDomain() string
RequestedHost() string
DefaultLanguage() language.Tag
+ DefaultOrganisationID() string
}
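Review bot: The new `DefaultOrganisationID() string` method at L97 joins the exported `Instance` interface without a doc comment, and the same is true of its implementation at L130-132. A reader cannot tell from the name whether an empty string is a legal return value, which matters because the login handlers in this commit feed the result straight into resource-owner lookups. I would add `// DefaultOrganisationID returns the ID of the instance's default organisation; "" means none is known for this context.` above the interface method, adjusting the second clause once the population path is confirmed.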
type InstanceVerifier interface {
@@ -25,15 +26,16 @@ type InstanceVerifier interface {
}
type instance struct {
- ID string
- Domain string
+ id string
+ domain string
projectID string
appID string
clientID string
+ orgID string
}
func (i *instance) InstanceID() string {
- return i.ID
+ return i.id
}
func (i *instance) ProjectID() string {
@@ -49,17 +51,21 @@ func (i *instance) ConsoleApplicationID() string {
}
func (i *instance) RequestedDomain() string {
- return i.Domain
+ return i.domain
}
func (i *instance) RequestedHost() string {
- return i.Domain
+ return i.domain
}
func (i *instance) DefaultLanguage() language.Tag {
return language.Und
}
+func (i *instance) DefaultOrganisationID() string {
+ return i.orgID
+}
+
func GetInstance(ctx context.Context) Instance {
instance, ok := ctx.Value(instanceKey).(Instance)
if !ok {
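Review bot: `DefaultOrganisationID` at L130-132 returns `i.orgID`, but nothing in this diff assigns that field: `WithInstanceID` (L141) sets only `id` and `WithRequestedDomain` (L148) only `domain`. Unless a middleware outside this diff constructs `instance` with `orgID` populated, every caller that replaced `l.query.Instance(ctx).GlobalOrgID` with this accessor (custom_action.go, external_login_handler.go, external_register_handler.go, register_handler.go) now receives an empty string where it previously got either a value or an error. If the field is populated elsewhere, a comment on the `orgID` field naming which constructor sets it would make that dependency visible to the next reader.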
@@ -73,7 +79,7 @@ func WithInstance(ctx context.Context, instance Instance) context.Context {
}
func WithInstanceID(ctx context.Context, id string) context.Context {
- return context.WithValue(ctx, instanceKey, &instance{ID: id})
+ return context.WithValue(ctx, instanceKey, &instance{id: id})
}
func WithRequestedDomain(ctx context.Context, domain string) context.Context {
@@ -82,7 +88,7 @@ func WithRequestedDomain(ctx context.Context, domain string) context.Context {
i = new(instance)
}
- i.Domain = domain
+ i.domain = domain
return context.WithValue(ctx, instanceKey, i)
}
diff --git a/internal/api/authz/instance_test.go b/internal/api/authz/instance_test.go
index 3cbc24e52f..ea06a9464a 100644
--- a/internal/api/authz/instance_test.go
+++ b/internal/api/authz/instance_test.go
@@ -88,6 +88,10 @@ func (m *mockInstance) DefaultLanguage() language.Tag {
return language.English
}
+func (m *mockInstance) DefaultOrganisationID() string {
+ return "orgID"
+}
+
func (m *mockInstance) RequestedDomain() string {
return "zitadel.cloud"
}
diff --git a/internal/api/grpc/admin/org.go b/internal/api/grpc/admin/org.go
index f3a1ef7818..370d12a915 100644
--- a/internal/api/grpc/admin/org.go
+++ b/internal/api/grpc/admin/org.go
@@ -17,6 +17,21 @@ func (s *Server) IsOrgUnique(ctx context.Context, req *admin_pb.IsOrgUniqueReque
return &admin_pb.IsOrgUniqueResponse{IsUnique: isUnique}, err
}
+func (s *Server) SetDefaultOrg(ctx context.Context, req *admin_pb.SetDefaultOrgRequest) (*admin_pb.SetDefaultOrgResponse, error) {
+ details, err := s.command.SetDefaultOrg(ctx, req.OrgId)
+ if err != nil {
+ return nil, err
+ }
+ return &admin_pb.SetDefaultOrgResponse{
+ Details: object.DomainToChangeDetailsPb(details),
+ }, nil
+}
+
+func (s *Server) GetDefaultOrg(ctx context.Context, _ *admin_pb.GetDefaultOrgRequest) (*admin_pb.GetDefaultOrgResponse, error) {
+ org, err := s.query.OrgByID(ctx, authz.GetInstance(ctx).DefaultOrganisationID())
+ return &admin_pb.GetDefaultOrgResponse{Org: org_grpc.OrgToPb(org)}, err
+}
+
func (s *Server) GetOrgByID(ctx context.Context, req *admin_pb.GetOrgByIDRequest) (*admin_pb.GetOrgByIDResponse, error) {
org, err := s.query.OrgByID(ctx, req.Id)
if err != nil {
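Review bot: `GetDefaultOrg` at L182-185 builds the response from `org` before `err` is checked, so on a lookup failure `org_grpc.OrgToPb` is called with whatever `OrgByID` returned on error (presumably nil, which may panic inside the converter) and the caller gets a partially populated response alongside the error. `GetOrgByID` directly below (L187-189) shows the pattern the rest of the file follows: check the error first. I would replace L184 with `if err != nil { return nil, err }` followed by `return &admin_pb.GetDefaultOrgResponse{Org: org_grpc.OrgToPb(org)}, nil`. `SetDefaultOrg` (L172-180) already follows that shape.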
diff --git a/internal/api/grpc/management/iam.go b/internal/api/grpc/management/iam.go
index 4ca2d518bc..a912d20943 100644
--- a/internal/api/grpc/management/iam.go
+++ b/internal/api/grpc/management/iam.go
@@ -12,7 +12,8 @@ func (s *Server) GetIAM(ctx context.Context, _ *mgmt_pb.GetIAMRequest) (*mgmt_pb
return nil, err
}
return &mgmt_pb.GetIAMResponse{
- GlobalOrgId: iam.GlobalOrgID,
+ GlobalOrgId: iam.DefaultOrgID,
+ DefaultOrgId: iam.DefaultOrgID,
IamProjectId: iam.IAMProjectID,
}, nil
}
diff --git a/internal/api/grpc/management/org.go b/internal/api/grpc/management/org.go
index 8e045a0049..a8cf3fe272 100644
--- a/internal/api/grpc/management/org.go
+++ b/internal/api/grpc/management/org.go
@@ -213,7 +213,7 @@ func (s *Server) ListOrgMemberRoles(ctx context.Context, _ *mgmt_pb.ListOrgMembe
if err != nil {
return nil, err
}
- roles := s.query.GetOrgMemberRoles(authz.GetCtxData(ctx).OrgID == iam.GlobalOrgID)
+ roles := s.query.GetOrgMemberRoles(authz.GetCtxData(ctx).OrgID == iam.DefaultOrgID)
return &mgmt_pb.ListOrgMemberRolesResponse{
Result: roles,
}, nil
diff --git a/internal/api/grpc/server/middleware/instance_interceptor_test.go b/internal/api/grpc/server/middleware/instance_interceptor_test.go
index e4a73808cc..8074f1fca4 100644
--- a/internal/api/grpc/server/middleware/instance_interceptor_test.go
+++ b/internal/api/grpc/server/middleware/instance_interceptor_test.go
@@ -182,6 +182,10 @@ func (m *mockInstance) DefaultLanguage() language.Tag {
return language.English
}
+func (m *mockInstance) DefaultOrganisationID() string {
+ return "orgID"
+}
+
func (m *mockInstance) RequestedDomain() string {
return "localhost"
}
diff --git a/internal/api/http/middleware/instance_interceptor_test.go b/internal/api/http/middleware/instance_interceptor_test.go
index 039ac0a1c3..bc5b55bba6 100644
--- a/internal/api/http/middleware/instance_interceptor_test.go
+++ b/internal/api/http/middleware/instance_interceptor_test.go
@@ -266,6 +266,10 @@ func (m *mockInstance) DefaultLanguage() language.Tag {
return language.English
}
+func (m *mockInstance) DefaultOrganisationID() string {
+ return "orgID"
+}
+
func (m *mockInstance) RequestedDomain() string {
return "zitadel.cloud"
}
diff --git a/internal/api/ui/login/custom_action.go b/internal/api/ui/login/custom_action.go
index b9a171361a..e2b7d35f63 100644
--- a/internal/api/ui/login/custom_action.go
+++ b/internal/api/ui/login/custom_action.go
@@ -16,12 +16,9 @@ func (l *Login) customExternalUserMapping(ctx context.Context, user *domain.Exte
if resourceOwner == "" {
resourceOwner = config.AggregateID
}
- if resourceOwner == authz.GetInstance(ctx).InstanceID() {
- iam, err := l.query.Instance(ctx)
- if err != nil {
- return nil, err
- }
- resourceOwner = iam.GlobalOrgID
+ instance := authz.GetInstance(ctx)
+ if resourceOwner == instance.InstanceID() {
+ resourceOwner = instance.DefaultOrganisationID()
}
triggerActions, err := l.query.GetActiveActionsByFlowAndTriggerType(ctx, domain.FlowTypeExternalAuthentication, domain.TriggerTypePostAuthentication, resourceOwner)
if err != nil {
diff --git a/internal/api/ui/login/external_login_handler.go b/internal/api/ui/login/external_login_handler.go
index 6186ccf47b..88bf6504e8 100644
--- a/internal/api/ui/login/external_login_handler.go
+++ b/internal/api/ui/login/external_login_handler.go
@@ -12,6 +12,7 @@ import (
"github.com/zitadel/oidc/v2/pkg/oidc"
"golang.org/x/oauth2"
+ "github.com/zitadel/zitadel/internal/api/authz"
http_mw "github.com/zitadel/zitadel/internal/api/http/middleware"
"github.com/zitadel/zitadel/internal/crypto"
"github.com/zitadel/zitadel/internal/domain"
@@ -204,32 +205,26 @@ func (l *Login) handleExternalUserAuthenticated(w http.ResponseWriter, r *http.R
if errors.IsNotFound(err) {
err = nil
}
- iam, err := l.query.Instance(r.Context())
- if err != nil {
- l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, nil, err)
- return
- }
+ resourceOwner := authz.GetInstance(r.Context()).DefaultOrganisationID()
- resourceOwner := iam.GlobalOrgID
-
- if authReq.RequestedOrgID != "" && authReq.RequestedOrgID != iam.GlobalOrgID {
+ if authReq.RequestedOrgID != "" && authReq.RequestedOrgID != resourceOwner {
resourceOwner = authReq.RequestedOrgID
}
orgIAMPolicy, err := l.getOrgDomainPolicy(r, resourceOwner)
if err != nil {
- l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, nil, err)
+ l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, err)
return
}
human, idpLinking, _ := l.mapExternalUserToLoginUser(orgIAMPolicy, externalUser, idpConfig)
if !idpConfig.AutoRegister {
- l.renderExternalNotFoundOption(w, r, authReq, iam, orgIAMPolicy, human, idpLinking, err)
+ l.renderExternalNotFoundOption(w, r, authReq, orgIAMPolicy, human, idpLinking, err)
return
}
authReq, err = l.authRepo.AuthRequestByID(r.Context(), authReq.ID, userAgentID)
if err != nil {
- l.renderExternalNotFoundOption(w, r, authReq, iam, orgIAMPolicy, human, idpLinking, err)
+ l.renderExternalNotFoundOption(w, r, authReq, orgIAMPolicy, human, idpLinking, err)
return
}
l.handleAutoRegister(w, r, authReq)
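Review bot: L285 replaces an error-checked query with `authz.GetInstance(r.Context()).DefaultOrganisationID()` and there is no guard for an empty result, so if the context carries no default org, `resourceOwner` becomes `""` and flows into `getOrgDomainPolicy` (L292) and, via `handleAutoRegister` (L360, L387), into `AutoRegisterExternalUser` as the owner of a newly created user. The removed code (L280-284) surfaced a lookup failure to the user; the new code has no equivalent. I would add directly after L285 `if resourceOwner == "" { l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, <error: default org not set>); return }` using the error constructor this package already uses; the same guard is missing at L327, L360, L414, L428, L440, L500 and L526. `handleExternalUserAuthenticated` begins before this hunk.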
@@ -249,20 +244,15 @@ func (l *Login) handleExternalUserAuthenticated(w http.ResponseWriter, r *http.R
l.renderNextStep(w, r, authReq)
}
-func (l *Login) renderExternalNotFoundOption(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, iam *query.Instance, orgIAMPolicy *query.DomainPolicy, human *domain.Human, externalIDP *domain.UserIDPLink, err error) {
+func (l *Login) renderExternalNotFoundOption(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, orgIAMPolicy *query.DomainPolicy, human *domain.Human, externalIDP *domain.UserIDPLink, err error) {
var errID, errMessage string
if err != nil {
errID, errMessage = l.getErrorMessage(r, err)
}
if orgIAMPolicy == nil {
- iam, err = l.query.Instance(r.Context())
- if err != nil {
- l.renderError(w, r, authReq, err)
- return
- }
- resourceOwner := iam.GlobalOrgID
+ resourceOwner := authz.GetInstance(r.Context()).DefaultOrganisationID()
- if authReq.RequestedOrgID != "" && authReq.RequestedOrgID != iam.GlobalOrgID {
+ if authReq.RequestedOrgID != "" && authReq.RequestedOrgID != resourceOwner {
resourceOwner = authReq.RequestedOrgID
}
@@ -317,7 +307,7 @@ func (l *Login) handleExternalNotFoundOptionCheck(w http.ResponseWriter, r *http
data := new(externalNotFoundOptionFormData)
authReq, err := l.getAuthRequestAndParseData(r, data)
if err != nil {
- l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, nil, err)
+ l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, err)
return
}
if data.Link {
@@ -327,7 +317,7 @@ func (l *Login) handleExternalNotFoundOptionCheck(w http.ResponseWriter, r *http
userAgentID, _ := http_mw.UserAgentIDFromCtx(r.Context())
err = l.authRepo.ResetLinkingUsers(r.Context(), authReq.ID, userAgentID)
if err != nil {
- l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, nil, err)
+ l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, err)
}
l.handleLogin(w, r)
return
@@ -336,29 +326,23 @@ func (l *Login) handleExternalNotFoundOptionCheck(w http.ResponseWriter, r *http
}
func (l *Login) handleAutoRegister(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest) {
- iam, err := l.query.Instance(r.Context())
- if err != nil {
- l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, nil, err)
- return
- }
-
- resourceOwner := iam.GlobalOrgID
+ resourceOwner := authz.GetInstance(r.Context()).DefaultOrganisationID()
memberRoles := []string{domain.RoleSelfManagementGlobal}
- if authReq.RequestedOrgID != "" && authReq.RequestedOrgID != iam.GlobalOrgID {
+ if authReq.RequestedOrgID != "" && authReq.RequestedOrgID != resourceOwner {
memberRoles = nil
resourceOwner = authReq.RequestedOrgID
}
orgIamPolicy, err := l.getOrgDomainPolicy(r, resourceOwner)
if err != nil {
- l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, nil, err)
+ l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, err)
return
}
idpConfig, err := l.authRepo.GetIDPConfigByID(r.Context(), authReq.SelectedIDPConfigID)
if err != nil {
- l.renderExternalNotFoundOption(w, r, authReq, iam, orgIamPolicy, nil, nil, err)
+ l.renderExternalNotFoundOption(w, r, authReq, orgIamPolicy, nil, nil, err)
return
}
@@ -371,12 +355,12 @@ func (l *Login) handleAutoRegister(w http.ResponseWriter, r *http.Request, authR
user, externalIDP, metadata := l.mapExternalUserToLoginUser(orgIamPolicy, linkingUser, idpConfig)
user, metadata, err = l.customExternalUserToLoginUserMapping(user, nil, authReq, idpConfig, metadata, resourceOwner)
if err != nil {
- l.renderExternalNotFoundOption(w, r, authReq, iam, orgIamPolicy, nil, nil, err)
+ l.renderExternalNotFoundOption(w, r, authReq, orgIamPolicy, nil, nil, err)
return
}
err = l.authRepo.AutoRegisterExternalUser(setContext(r.Context(), resourceOwner), user, externalIDP, memberRoles, authReq.ID, userAgentID, resourceOwner, metadata, domain.BrowserInfoFromRequest(r))
if err != nil {
- l.renderExternalNotFoundOption(w, r, authReq, iam, orgIamPolicy, user, externalIDP, err)
+ l.renderExternalNotFoundOption(w, r, authReq, orgIamPolicy, user, externalIDP, err)
return
}
authReq, err = l.authRepo.AuthRequestByID(r.Context(), authReq.ID, authReq.AgentID)
diff --git a/internal/api/ui/login/external_register_handler.go b/internal/api/ui/login/external_register_handler.go
index 762100400f..c50c6894ab 100644
--- a/internal/api/ui/login/external_register_handler.go
+++ b/internal/api/ui/login/external_register_handler.go
@@ -8,6 +8,7 @@ import (
"github.com/zitadel/oidc/v2/pkg/oidc"
"golang.org/x/text/language"
+ "github.com/zitadel/zitadel/internal/api/authz"
http_mw "github.com/zitadel/zitadel/internal/api/http/middleware"
"github.com/zitadel/zitadel/internal/domain"
iam_model "github.com/zitadel/zitadel/internal/iam/model"
@@ -111,12 +112,7 @@ func (l *Login) handleExternalRegisterCallback(w http.ResponseWriter, r *http.Re
}
func (l *Login) handleExternalUserRegister(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, idpConfig *iam_model.IDPConfigView, userAgentID string, tokens *oidc.Tokens) {
- iam, err := l.query.Instance(r.Context())
- if err != nil {
- l.renderRegisterOption(w, r, authReq, err)
- return
- }
- resourceOwner := iam.GlobalOrgID
+ resourceOwner := authz.GetInstance(r.Context()).DefaultOrganisationID()
if authReq.RequestedOrgID != "" {
resourceOwner = authReq.RequestedOrgID
}
@@ -134,11 +130,11 @@ func (l *Login) handleExternalUserRegister(w http.ResponseWriter, r *http.Reques
l.renderExternalRegisterOverview(w, r, authReq, orgIamPolicy, user, externalIDP, nil)
return
}
- l.registerExternalUser(w, r, authReq, iam, user, externalIDP)
+ l.registerExternalUser(w, r, authReq, user, externalIDP)
}
-func (l *Login) registerExternalUser(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, iam *query.Instance, user *domain.Human, externalIDP *domain.UserIDPLink) {
- resourceOwner := iam.GlobalOrgID
+func (l *Login) registerExternalUser(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, user *domain.Human, externalIDP *domain.UserIDPLink) {
+ resourceOwner := authz.GetInstance(r.Context()).DefaultOrganisationID()
memberRoles := []string{domain.RoleSelfManagementGlobal}
if authReq.RequestedOrgID != "" && authReq.RequestedOrgID != resourceOwner {
@@ -204,15 +200,10 @@ func (l *Login) handleExternalRegisterCheck(w http.ResponseWriter, r *http.Reque
return
}
- iam, err := l.query.Instance(r.Context())
- if err != nil {
- l.renderRegisterOption(w, r, authReq, err)
- return
- }
- resourceOwner := iam.GlobalOrgID
+ resourceOwner := authz.GetInstance(r.Context()).DefaultOrganisationID()
memberRoles := []string{domain.RoleSelfManagementGlobal}
- if authReq.RequestedOrgID != "" && authReq.RequestedOrgID != iam.GlobalOrgID {
+ if authReq.RequestedOrgID != "" && authReq.RequestedOrgID != resourceOwner {
memberRoles = nil
resourceOwner = authReq.RequestedOrgID
}
diff --git a/internal/api/ui/login/jwt_handler.go b/internal/api/ui/login/jwt_handler.go
index cebebe5c38..8dd56331c0 100644
--- a/internal/api/ui/login/jwt_handler.go
+++ b/internal/api/ui/login/jwt_handler.go
@@ -112,7 +112,7 @@ func (l *Login) jwtExtractionUserNotFound(w http.ResponseWriter, r *http.Request
err = nil
}
if !idpConfig.AutoRegister {
- l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, nil, err)
+ l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, err)
return
}
authReq, err = l.authRepo.AuthRequestByID(r.Context(), authReq.ID, authReq.AgentID)
diff --git a/internal/api/ui/login/login_handler.go b/internal/api/ui/login/login_handler.go
index 26cfc77e48..18cf3cbaf9 100644
--- a/internal/api/ui/login/login_handler.go
+++ b/internal/api/ui/login/login_handler.go
@@ -98,10 +98,13 @@ func (l *Login) renderLogin(w http.ResponseWriter, r *http.Request, authReq *dom
data := l.getUserData(r, authReq, "Login", errID, errMessage)
funcs := map[string]interface{}{
"hasUsernamePasswordLogin": func() bool {
- return authReq.LoginPolicy != nil && authReq.LoginPolicy.AllowUsernamePassword
+ return authReq != nil && authReq.LoginPolicy != nil && authReq.LoginPolicy.AllowUsernamePassword
},
"hasExternalLogin": func() bool {
- return authReq.LoginPolicy != nil && authReq.LoginPolicy.AllowExternalIDP && authReq.AllowedExternalIDPs != nil && len(authReq.AllowedExternalIDPs) > 0
+ return authReq != nil && authReq.LoginPolicy != nil && authReq.LoginPolicy.AllowExternalIDP && authReq.AllowedExternalIDPs != nil && len(authReq.AllowedExternalIDPs) > 0
+ },
+ "hasRegistration": func() bool {
+ return authReq != nil && authReq.LoginPolicy != nil && authReq.LoginPolicy.AllowRegister
},
}
l.renderer.RenderTemplate(w, r, l.getTranslator(r.Context(), authReq), l.renderer.Templates[tmplLogin], data, funcs)
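Review bot: The rewritten `hasExternalLogin` closure at L473 keeps `authReq.AllowedExternalIDPs != nil && len(authReq.AllowedExternalIDPs) > 0`, but `len` of a nil slice is already 0, so the nil test is redundant and reads as if nil and empty were distinct cases. Since the line is being touched anyway to add the `authReq != nil` guard, I would shorten it to `return authReq != nil && authReq.LoginPolicy != nil && authReq.LoginPolicy.AllowExternalIDP && len(authReq.AllowedExternalIDPs) > 0`. `renderLogin` begins before the hunk.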
diff --git a/internal/api/ui/login/register_handler.go b/internal/api/ui/login/register_handler.go
index 38cb8ba4be..e19611556c 100644
--- a/internal/api/ui/login/register_handler.go
+++ b/internal/api/ui/login/register_handler.go
@@ -5,6 +5,7 @@ import (
"golang.org/x/text/language"
+ "github.com/zitadel/zitadel/internal/api/authz"
http_mw "github.com/zitadel/zitadel/internal/api/http/middleware"
"github.com/zitadel/zitadel/internal/domain"
caos_errs "github.com/zitadel/zitadel/internal/errors"
@@ -61,16 +62,11 @@ func (l *Login) handleRegisterCheck(w http.ResponseWriter, r *http.Request) {
l.renderRegister(w, r, authRequest, data, err)
return
}
- iam, err := l.query.Instance(r.Context())
- if err != nil {
- l.renderRegister(w, r, authRequest, data, err)
- return
- }
- resourceOwner := iam.GlobalOrgID
+ resourceOwner := authz.GetInstance(r.Context()).DefaultOrganisationID()
memberRoles := []string{domain.RoleSelfManagementGlobal}
- if authRequest != nil && authRequest.RequestedOrgID != "" && authRequest.RequestedOrgID != iam.GlobalOrgID {
+ if authRequest != nil && authRequest.RequestedOrgID != "" && authRequest.RequestedOrgID != resourceOwner {
memberRoles = nil
resourceOwner = authRequest.RequestedOrgID
}
@@ -114,10 +110,6 @@ func (l *Login) renderRegister(w http.ResponseWriter, r *http.Request, authReque
if formData.Language == "" {
formData.Language = l.renderer.ReqLang(translator, r).String()
}
- data := registerData{
- baseData: l.getBaseData(r, authRequest, "Register", errID, errMessage),
- registerFormData: *formData,
- }
var resourceOwner string
if authRequest != nil {
@@ -125,12 +117,12 @@ func (l *Login) renderRegister(w http.ResponseWriter, r *http.Request, authReque
}
if resourceOwner == "" {
- iam, err := l.query.Instance(r.Context())
- if err != nil {
- l.renderRegister(w, r, authRequest, formData, err)
- return
- }
- resourceOwner = iam.GlobalOrgID
+ resourceOwner = authz.GetInstance(r.Context()).DefaultOrganisationID()
+ }
+
+ data := registerData{
+ baseData: l.getBaseData(r, authRequest, "Register", errID, errMessage),
+ registerFormData: *formData,
}
pwPolicy, description, _ := l.getPasswordComplexityPolicy(r, authRequest, resourceOwner)
diff --git a/internal/api/ui/login/renderer.go b/internal/api/ui/login/renderer.go
index 0d03d06b1e..bf263e5b9d 100644
--- a/internal/api/ui/login/renderer.go
+++ b/internal/api/ui/login/renderer.go
@@ -211,6 +211,9 @@ func CreateRenderer(pathPrefix string, staticDir http.FileSystem, staticStorage
"hasExternalLogin": func() bool {
return false
},
+ "hasRegistration": func() bool {
+ return true
+ },
"idpProviderClass": func(stylingType domain.IDPConfigStylingType) string {
return stylingType.GetCSSClass()
},
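Review bot: The fallback `hasRegistration` added at L542-544 returns `true`, whereas the neighbouring `hasExternalLogin` fallback (L539-541) returns `false`. Any template rendered through `CreateRenderer`'s default func map rather than `renderLogin`'s policy-aware override (login_handler.go L475-477) will therefore show the registration entry point regardless of `LoginPolicy.AllowRegister`. If the intent is a fail-closed default consistent with the other flag, change L543 to `return false`; if the permissive default is deliberate, a one-line comment stating why would stop the next reader from "fixing" it. `CreateRenderer` begins before the hunk.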
@@ -299,7 +302,7 @@ func (l *Login) chooseNextStep(w http.ResponseWriter, r *http.Request, authReq *
case *domain.LinkUsersStep:
l.linkUsers(w, r, authReq, err)
case *domain.ExternalNotFoundOptionStep:
- l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, nil, err)
+ l.renderExternalNotFoundOption(w, r, authReq, nil, nil, nil, err)
case *domain.ExternalLoginStep:
l.handleExternalLoginStep(w, r, authReq, step.SelectedIDPConfigID)
case *domain.GrantRequiredStep:
@@ -346,7 +349,7 @@ func (l *Login) getBaseData(r *http.Request, authReq *domain.AuthRequest, title
PrivateLabelingOrgID: l.getPrivateLabelingID(r, authReq),
OrgID: l.getOrgID(r, authReq),
OrgName: l.getOrgName(authReq),
- PrimaryDomain: l.getOrgPrimaryDomain(authReq),
+ PrimaryDomain: l.getOrgPrimaryDomain(r, authReq),
DisplayLoginNameSuffix: l.isDisplayLoginNameSuffix(authReq),
AuthReqID: getRequestID(authReq, r),
CSRF: csrf.TemplateField(r),
@@ -490,11 +493,17 @@ func (l *Login) getOrgName(authReq *domain.AuthRequest) string {
return authReq.RequestedOrgName
}
-func (l *Login) getOrgPrimaryDomain(authReq *domain.AuthRequest) string {
- if authReq == nil {
+func (l *Login) getOrgPrimaryDomain(r *http.Request, authReq *domain.AuthRequest) string {
+ orgID := authz.GetInstance(r.Context()).DefaultOrganisationID()
+ if authReq != nil && authReq.RequestedPrimaryDomain != "" {
+ return authReq.RequestedPrimaryDomain
+ }
+ org, err := l.query.OrgByID(r.Context(), orgID)
+ if err != nil {
+ logging.New().WithError(err).Error("cannot get default org")
return ""
}
- return authReq.RequestedPrimaryDomain
+ return org.Domain
}
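Review bot: `getOrgPrimaryDomain` at L571-583 computes `orgID` on L572 before the early return on L573-575, so the default-org lookup is wasted whenever `RequestedPrimaryDomain` is set; move L572 below L575. More importantly, the function is called from `getBaseData` (L562), so every page render now performs an `OrgByID` query (L576) that the previous version did not, and when the default org cannot be loaded an error is logged on each render (L578) while the page silently proceeds with an empty domain. Consider resolving the default org's domain once per instance rather than per request, and document the fallback and the empty return in a doc comment such as `// getOrgPrimaryDomain returns the requested org's primary domain, otherwise the default org's Domain field; "" if neither is available.`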
func (l *Login) isDisplayLoginNameSuffix(authReq *domain.AuthRequest) bool {
diff --git a/internal/api/ui/login/static/templates/external_not_found_option.html b/internal/api/ui/login/static/templates/external_not_found_option.html
index 31ff06632a..837d804f22 100644
--- a/internal/api/ui/login/static/templates/external_not_found_option.html
+++ b/internal/api/ui/login/static/templates/external_not_found_option.html
@@ -39,7 +39,7 @@