From 2821f41c3a14fc0fc420875c741163e9f4ace00b Mon Sep 17 00:00:00 2001
From: Livio Spring
Date: Wed, 9 Jul 2025 10:51:13 -0400
Subject: [PATCH] fix(login v1): ensure the user's organization is always set into the token context (#10221)
# Which Problems Are Solved
Customers reported, that if the session / access token in Console expired and they re-authenticated, the user list would be empty. While reproducing the issue, we discovered that the necessary organization information, would be missing in the access token, since this would already be missing in the OIDC session creation when using an id_token_hint.
# How the Problems Are Solved
- Ensure the user's organization is set in the login v1 auth request. This is used to create the OIDC and token information.
# Additional Changes
None
# Additional Context
- reported by customers
- requires backport to v3.x
---
 .../auth/repository/eventsourcing/eventstore/auth_request.go | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/internal/auth/repository/eventsourcing/eventstore/auth_request.go b/internal/auth/repository/eventsourcing/eventstore/auth_request.go
index 7c335a752f..bf0609673b 100644
--- a/internal/auth/repository/eventsourcing/eventstore/auth_request.go
+++ b/internal/auth/repository/eventsourcing/eventstore/auth_request.go
@@ -1055,6 +1055,10 @@ func (repo *AuthRequestRepo) nextSteps(ctx context.Context, request *domain.Auth
 if err != nil {
 return nil, err
 }
+ // in case the user was set automatically, we might not have the org set
+ if request.UserOrgID == "" {
+ request.UserOrgID = user.ResourceOwner
+ }
 userSession, err := userSessionByIDs(ctx, repo.UserSessionViewProvider, repo.UserEventProvider, request.AgentID, user)
 if err != nil {
 return nil, err
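Review bot: The fallback added to nextSteps only covers an empty request.UserOrgID; a non-empty value that differs from user.ResourceOwner still passes through unchanged into the OIDC session and token context, and the hunk does not show whether earlier code rules that out. If the two must always agree, the comment should state that invariant, e.g. `// UserOrgID must equal user.ResourceOwner; it is only empty when the user was set automatically (e.g. via id_token_hint)`, or a mismatch should be rejected explicitly rather than silently kept. The diffstat shows a single file changed, so no regression test accompanies the fix; a test that re-authenticates with an id_token_hint and asserts the organization is present in the resulting token context would keep this from recurring. nextSteps begins and ends outside the hunk.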