service Region context everywhere

2025-08-24 12:29:59 +00:00 · 2025-01-29 16:00:21 +01:00
parent 41bafc0d41
commit 323a223706
38 changed files with 408 additions and 108 deletions
--- a/apps/login/src/app/(login)/accounts/page.tsx
+++ b/apps/login/src/app/(login)/accounts/page.tsx
@@ -13,12 +13,19 @@ import { getLocale, getTranslations } from "next-intl/server";
 import { headers } from "next/headers";
 import Link from "next/link";
-async function loadSessions({ serviceUrl }: { serviceUrl: string }) {
+async function loadSessions({
  serviceUrl,
  serviceRegion,
 }: {
  serviceUrl: string;
  serviceRegion: string;
 }) {
  const ids: (string | undefined)[] = await getAllSessionCookieIds();
  if (ids && ids.length) {
    const response = await listSessions({
      serviceUrl,
      serviceRegion,
      ids: ids.filter((id) => !!id) as string[],
    });
    return response?.sessions ?? [];
@@ -43,16 +50,20 @@ export default async function Page(props: {
  let defaultOrganization;
  if (!organization) {
-    const org: Organization | null = await getDefaultOrg({ serviceUrl });
+    const org: Organization | null = await getDefaultOrg({
      serviceUrl,
      serviceRegion,
    });
    if (org) {
      defaultOrganization = org.id;
    }
  }
-  let sessions = await loadSessions({ serviceUrl });
+  let sessions = await loadSessions({ serviceUrl, serviceRegion });
  const branding = await getBrandingSettings({
    serviceUrl,
    serviceRegion,
    organization: organization ?? defaultOrganization,
  });
--- a/apps/login/src/app/(login)/authenticator/set/page.tsx
+++ b/apps/login/src/app/(login)/authenticator/set/page.tsx
@@ -36,31 +36,35 @@ export default async function Page(props: {
    ? await loadSessionById(serviceUrl, sessionId, organization)
    : await loadSessionByLoginname(serviceUrl, loginName, organization);
-  async function getAuthMethodsAndUser(host: string, session?: Session) {
+  async function getAuthMethodsAndUser(
    serviceUrl: string,
    serviceRegion: string,
    session?: Session,
  ) {
    const userId = session?.factors?.user?.id;
    if (!userId) {
      throw Error("Could not get user id from session");
    }
-    return listAuthenticationMethodTypes({ serviceUrl, userId }).then(
+    return listAuthenticationMethodTypes({
-      (methods) => {
+      serviceUrl,
-        return getUserByID({ serviceUrl, userId }).then((user) => {
+      serviceRegion,
-          const humanUser =
+      userId,
-            user.user?.type.case === "human"
+    }).then((methods) => {
-              ? user.user?.type.value
+      return getUserByID({ serviceUrl, serviceRegion, userId }).then((user) => {
-              : undefined;
+        const humanUser =
          user.user?.type.case === "human" ? user.user?.type.value : undefined;
-          return {
+        return {
-            factors: session?.factors,
+          factors: session?.factors,
-            authMethods: methods.authMethodTypes ?? [],
+          authMethods: methods.authMethodTypes ?? [],
-            phoneVerified: humanUser?.phone?.isVerified ?? false,
+          phoneVerified: humanUser?.phone?.isVerified ?? false,
-            emailVerified: humanUser?.email?.isVerified ?? false,
+          emailVerified: humanUser?.email?.isVerified ?? false,
-            expirationDate: session?.expirationDate,
+          expirationDate: session?.expirationDate,
-          };
+        };
-        });
+      });
-      },
+    });
    );
  }
  async function loadSessionByLoginname(
@@ -70,12 +74,13 @@ export default async function Page(props: {
  ) {
    return loadMostRecentSession({
      serviceUrl,
      serviceRegion,
      sessionParams: {
        loginName,
        organization,
      },
    }).then((session) => {
-      return getAuthMethodsAndUser(serviceUrl, session);
+      return getAuthMethodsAndUser(serviceUrl, serviceRegion, session);
    });
  }
@@ -87,10 +92,15 @@ export default async function Page(props: {
    const recent = await getSessionCookieById({ sessionId, organization });
    return getSession({
      serviceUrl,
      serviceRegion,
      sessionId: recent.id,
      sessionToken: recent.token,
    }).then((sessionResponse) => {
-      return getAuthMethodsAndUser(serviceUrl, sessionResponse.session);
+      return getAuthMethodsAndUser(
        serviceUrl,
        serviceRegion,
        sessionResponse.session,
      );
    });
  }
@@ -100,16 +110,19 @@ export default async function Page(props: {
  const branding = await getBrandingSettings({
    serviceUrl,
    serviceRegion,
    organization: sessionWithData.factors?.user?.organizationId,
  });
  const loginSettings = await getLoginSettings({
    serviceUrl,
    serviceRegion,
    organization: sessionWithData.factors?.user?.organizationId,
  });
  const identityProviders = await getActiveIdentityProviders({
    serviceUrl,
    serviceRegion,
    orgId: sessionWithData.factors?.user?.organizationId,
    linking_allowed: true,
  }).then((resp) => {
--- a/apps/login/src/app/(login)/idp/[provider]/success/page.tsx
+++ b/apps/login/src/app/(login)/idp/[provider]/success/page.tsx
@@ -42,7 +42,11 @@ export default async function Page(props: {
  const _headers = await headers();
  const { serviceUrl, serviceRegion } = getServiceUrlFromHeaders(_headers);
-  const branding = await getBrandingSettings({ serviceUrl, organization });
+  const branding = await getBrandingSettings({
    serviceUrl,
    serviceRegion,
    organization,
  });
  if (!provider || !id || !token) {
    return loginFailed(branding, "IDP context missing");
@@ -50,6 +54,7 @@ export default async function Page(props: {
  const intent = await retrieveIDPIntent({
    serviceUrl,
    serviceRegion,
    id,
    token,
  });
@@ -72,7 +77,11 @@ export default async function Page(props: {
    return loginFailed(branding, "IDP information missing");
  }
-  const idp = await getIDPByID({ serviceUrl, id: idpInformation.idpId });
+  const idp = await getIDPByID({
    serviceUrl,
    serviceRegion,
    id: idpInformation.idpId,
  });
  const options = idp?.config?.options;
  if (!idp) {
@@ -91,6 +100,7 @@ export default async function Page(props: {
    try {
      idpLink = await addIDPLink({
        serviceUrl,
        serviceRegion,
        idp: {
          id: idpInformation.idpId,
          userId: idpInformation.userId,
@@ -121,20 +131,23 @@ export default async function Page(props: {
    const email = PROVIDER_MAPPING[providerType](idpInformation).email?.email;
    if (options.autoLinking === AutoLinkingOption.EMAIL && email) {
-      foundUser = await listUsers({ serviceUrl, email }).then((response) => {
+      foundUser = await listUsers({ serviceUrl, serviceRegion, email }).then(
-        return response.result ? response.result[0] : null;
+        (response) => {
-      });
+          return response.result ? response.result[0] : null;
        },
      );
    } else if (options.autoLinking === AutoLinkingOption.USERNAME) {
      foundUser = await listUsers(
        options.autoLinking === AutoLinkingOption.USERNAME
-          ? { serviceUrl, userName: idpInformation.userName }
+          ? { serviceUrl, serviceRegion, userName: idpInformation.userName }
-          : { serviceUrl, email },
+          : { serviceUrl, serviceRegion, email },
      ).then((response) => {
        return response.result ? response.result[0] : null;
      });
    } else {
      foundUser = await listUsers({
        serviceUrl,
        serviceRegion,
        userName: idpInformation.userName,
        email,
      }).then((response) => {
@@ -147,6 +160,7 @@ export default async function Page(props: {
      try {
        idpLink = await addIDPLink({
          serviceUrl,
          serviceRegion,
          idp: {
            id: idpInformation.idpId,
            userId: idpInformation.userId,
@@ -187,12 +201,17 @@ export default async function Page(props: {
      const suffix = matched?.[1] ?? "";
      // this just returns orgs where the suffix is set as primary domain
-      const orgs = await getOrgsByDomain({ serviceUrl, domain: suffix });
+      const orgs = await getOrgsByDomain({
        serviceUrl,
        serviceRegion,
        domain: suffix,
      });
      const orgToCheckForDiscovery =
        orgs.result && orgs.result.length === 1 ? orgs.result[0].id : undefined;
      const orgLoginSettings = await getLoginSettings({
        serviceUrl,
        serviceRegion,
        organization: orgToCheckForDiscovery,
      });
      if (orgLoginSettings?.allowDomainDiscovery) {
@@ -211,7 +230,11 @@ export default async function Page(props: {
      });
    }
-    const newUser = await addHuman({ serviceUrl, request: userData });
+    const newUser = await addHuman({
      serviceUrl,
      serviceRegion,
      request: userData,
    });
    if (newUser) {
      return (
--- a/apps/login/src/app/(login)/idp/page.tsx
+++ b/apps/login/src/app/(login)/idp/page.tsx
@@ -20,12 +20,17 @@ export default async function Page(props: {
  const identityProviders = await getActiveIdentityProviders({
    serviceUrl,
    serviceRegion,
    orgId: organization,
  }).then((resp) => {
    return resp.identityProviders;
  });
-  const branding = await getBrandingSettings({ serviceUrl, organization });
+  const branding = await getBrandingSettings({
    serviceUrl,
    serviceRegion,
    organization,
  });
  return (
    <DynamicTheme branding={branding}>
--- a/apps/login/src/app/(login)/invite/page.tsx
+++ b/apps/login/src/app/(login)/invite/page.tsx
@@ -24,7 +24,7 @@ export default async function Page(props: {
  const { serviceUrl, serviceRegion } = getServiceUrlFromHeaders(_headers);
  if (!organization) {
-    const org = await getDefaultOrg({ serviceUrl });
+    const org = await getDefaultOrg({ serviceUrl, serviceRegion });
    if (!org) {
      throw new Error("No default organization found");
    }
@@ -32,14 +32,23 @@ export default async function Page(props: {
    organization = org.id;
  }
-  const loginSettings = await getLoginSettings({ serviceUrl, organization });
+  const loginSettings = await getLoginSettings({
  const passwordComplexitySettings = await getPasswordComplexitySettings({
    serviceUrl,
    serviceRegion,
    organization,
  });
-  const branding = await getBrandingSettings({ serviceUrl, organization });
+  const passwordComplexitySettings = await getPasswordComplexitySettings({
    serviceUrl,
    serviceRegion,
    organization,
  });
  const branding = await getBrandingSettings({
    serviceUrl,
    serviceRegion,
    organization,
  });
  return (
    <DynamicTheme branding={branding}>
--- a/apps/login/src/app/(login)/invite/success/page.tsx
+++ b/apps/login/src/app/(login)/invite/success/page.tsx
@@ -22,7 +22,7 @@ export default async function Page(props: {
  const { serviceUrl, serviceRegion } = getServiceUrlFromHeaders(_headers);
  if (!organization) {
-    const org = await getDefaultOrg({ serviceUrl });
+    const org = await getDefaultOrg({ serviceUrl, serviceRegion });
    if (!org) {
      throw new Error("No default organization found");
    }
@@ -30,12 +30,20 @@ export default async function Page(props: {
    organization = org.id;
  }
-  const branding = await getBrandingSettings({ serviceUrl, organization });
+  const branding = await getBrandingSettings({
    serviceUrl,
    serviceRegion,
    organization,
  });
  let user: User | undefined;
  let human: HumanUser | undefined;
  if (userId) {
-    const userResponse = await getUserByID({ serviceUrl, userId });
+    const userResponse = await getUserByID({
      serviceUrl,
      serviceRegion,
      userId,
    });
    if (userResponse) {
      user = userResponse.user;
      if (user?.type.case === "human") {
--- a/apps/login/src/app/(login)/loginname/page.tsx
+++ b/apps/login/src/app/(login)/loginname/page.tsx
@@ -30,7 +30,10 @@ export default async function Page(props: {
  let defaultOrganization;
  if (!organization) {
-    const org: Organization | null = await getDefaultOrg({ serviceUrl });
+    const org: Organization | null = await getDefaultOrg({
      serviceUrl,
      serviceRegion,
    });
    if (org) {
      defaultOrganization = org.id;
    }
@@ -38,16 +41,19 @@ export default async function Page(props: {
  const loginSettings = await getLoginSettings({
    serviceUrl,
    serviceRegion,
    organization: organization ?? defaultOrganization,
  });
  const contextLoginSettings = await getLoginSettings({
    serviceUrl,
    serviceRegion,
    organization,
  });
  const identityProviders = await getActiveIdentityProviders({
    serviceUrl,
    serviceRegion,
    orgId: organization ?? defaultOrganization,
  }).then((resp) => {
    return resp.identityProviders;
@@ -55,6 +61,7 @@ export default async function Page(props: {
  const branding = await getBrandingSettings({
    serviceUrl,
    serviceRegion,
    organization: organization ?? defaultOrganization,
  });
--- a/apps/login/src/app/(login)/mfa/page.tsx
+++ b/apps/login/src/app/(login)/mfa/page.tsx
@@ -38,6 +38,7 @@ export default async function Page(props: {
  ) {
    return loadMostRecentSession({
      serviceUrl,
      serviceRegion,
      sessionParams: {
        loginName,
        organization,
@@ -46,6 +47,7 @@ export default async function Page(props: {
      if (session && session.factors?.user?.id) {
        return listAuthenticationMethodTypes({
          serviceUrl,
          serviceRegion,
          userId: session.factors.user.id,
        }).then((methods) => {
          return {
@@ -65,12 +67,14 @@ export default async function Page(props: {
    const recent = await getSessionCookieById({ sessionId, organization });
    return getSession({
      serviceUrl,
      serviceRegion,
      sessionId: recent.id,
      sessionToken: recent.token,
    }).then((response) => {
      if (response?.session && response.session.factors?.user?.id) {
        return listAuthenticationMethodTypes({
          serviceUrl,
          serviceRegion,
          userId: response.session.factors.user.id,
        }).then((methods) => {
          return {
@@ -82,7 +86,11 @@ export default async function Page(props: {
    });
  }
-  const branding = await getBrandingSettings({ serviceUrl, organization });
+  const branding = await getBrandingSettings({
    serviceUrl,
    serviceRegion,
    organization,
  });
  return (
    <DynamicTheme branding={branding}>
--- a/apps/login/src/app/(login)/mfa/set/page.tsx
+++ b/apps/login/src/app/(login)/mfa/set/page.tsx
@@ -65,24 +65,24 @@ export default async function Page(props: {
      throw Error("Could not get user id from session");
    }
-    return listAuthenticationMethodTypes({ serviceUrl, userId }).then(
+    return listAuthenticationMethodTypes({
-      (methods) => {
+      serviceUrl,
-        return getUserByID({ serviceUrl, userId }).then((user) => {
+      serviceRegion,
-          const humanUser =
+      userId,
-            user.user?.type.case === "human"
+    }).then((methods) => {
-              ? user.user?.type.value
+      return getUserByID({ serviceUrl, serviceRegion, userId }).then((user) => {
-              : undefined;
+        const humanUser =
          user.user?.type.case === "human" ? user.user?.type.value : undefined;
-          return {
+        return {
-            factors: session?.factors,
+          factors: session?.factors,
-            authMethods: methods.authMethodTypes ?? [],
+          authMethods: methods.authMethodTypes ?? [],
-            phoneVerified: humanUser?.phone?.isVerified ?? false,
+          phoneVerified: humanUser?.phone?.isVerified ?? false,
-            emailVerified: humanUser?.email?.isVerified ?? false,
+          emailVerified: humanUser?.email?.isVerified ?? false,
-            expirationDate: session?.expirationDate,
+          expirationDate: session?.expirationDate,
-          };
+        };
-        });
+      });
-      },
+    });
    );
  }
  async function loadSessionByLoginname(
@@ -92,6 +92,7 @@ export default async function Page(props: {
  ) {
    return loadMostRecentSession({
      serviceUrl,
      serviceRegion,
      sessionParams: {
        loginName,
        organization,
@@ -109,6 +110,7 @@ export default async function Page(props: {
    const recent = await getSessionCookieById({ sessionId, organization });
    return getSession({
      serviceUrl,
      serviceRegion,
      sessionId: recent.id,
      sessionToken: recent.token,
    }).then((sessionResponse) => {
@@ -116,9 +118,14 @@ export default async function Page(props: {
    });
  }
-  const branding = await getBrandingSettings({ serviceUrl, organization });
+  const branding = await getBrandingSettings({
    serviceUrl,
    serviceRegion,
    organization,
  });
  const loginSettings = await getLoginSettings({
    serviceUrl,
    serviceRegion,
    organization: sessionWithData.factors?.user?.organizationId,
  });
--- a/apps/login/src/app/(login)/otp/[method]/page.tsx
+++ b/apps/login/src/app/(login)/otp/[method]/page.tsx
@@ -47,6 +47,7 @@ export default async function Page(props: {
    ? await loadSessionById(serviceUrl, sessionId, organization)
    : await loadMostRecentSession({
        serviceUrl,
        serviceRegion,
        sessionParams: { loginName, organization },
      });
@@ -58,6 +59,7 @@ export default async function Page(props: {
    const recent = await getSessionCookieById({ sessionId, organization });
    return getSession({
      serviceUrl,
      serviceRegion,
      sessionId: recent.id,
      sessionToken: recent.token,
    }).then((response) => {
@@ -70,11 +72,13 @@ export default async function Page(props: {
  // email links do not come with organization, thus we need to use the session's organization
  const branding = await getBrandingSettings({
    serviceUrl,
    serviceRegion,
    organization: organization ?? session?.factors?.user?.organizationId,
  });
  const loginSettings = await getLoginSettings({
    serviceUrl,
    serviceRegion,
    organization: organization ?? session?.factors?.user?.organizationId,
  });
--- a/apps/login/src/app/(login)/otp/[method]/set/page.tsx
+++ b/apps/login/src/app/(login)/otp/[method]/set/page.tsx
@@ -36,11 +36,20 @@ export default async function Page(props: {
  const _headers = await headers();
  const { serviceUrl, serviceRegion } = getServiceUrlFromHeaders(_headers);
-  const branding = await getBrandingSettings({ serviceUrl, organization });
+  const branding = await getBrandingSettings({
-  const loginSettings = await getLoginSettings({ serviceUrl, organization });
+    serviceUrl,
    serviceRegion,
    organization,
  });
  const loginSettings = await getLoginSettings({
    serviceUrl,
    serviceRegion,
    organization,
  });
  const session = await loadMostRecentSession({
    serviceUrl,
    serviceRegion,
    sessionParams: {
      loginName,
      organization,
@@ -50,7 +59,11 @@ export default async function Page(props: {
  let totpResponse: RegisterTOTPResponse | undefined, error: Error | undefined;
  if (session && session.factors?.user?.id) {
    if (method === "time-based") {
-      await registerTOTP({ serviceUrl, userId: session.factors.user.id })
+      await registerTOTP({
        serviceUrl,
        serviceRegion,
        userId: session.factors.user.id,
      })
        .then((resp) => {
          if (resp) {
            totpResponse = resp;
@@ -61,18 +74,22 @@ export default async function Page(props: {
        });
    } else if (method === "sms") {
      // does not work
-      await addOTPSMS({ serviceUrl, userId: session.factors.user.id }).catch(
+      await addOTPSMS({
-        (error) => {
+        serviceUrl,
-          error = new Error("Could not add OTP via SMS");
+        serviceRegion,
-        },
+        userId: session.factors.user.id,
-      );
+      }).catch((error) => {
        error = new Error("Could not add OTP via SMS");
      });
    } else if (method === "email") {
      // works
-      await addOTPEmail({ serviceUrl, userId: session.factors.user.id }).catch(
+      await addOTPEmail({
-        (error) => {
+        serviceUrl,
-          error = new Error("Could not add OTP via Email");
+        serviceRegion,
-        },
+        userId: session.factors.user.id,
-      );
+      }).catch((error) => {
        error = new Error("Could not add OTP via Email");
      });
    } else {
      throw new Error("Invalid method");
    }
--- a/apps/login/src/app/(login)/passkey/page.tsx
+++ b/apps/login/src/app/(login)/passkey/page.tsx
@@ -5,11 +5,7 @@ import { UserAvatar } from "@/components/user-avatar";
 import { getSessionCookieById } from "@/lib/cookies";
 import { getServiceUrlFromHeaders } from "@/lib/service";
 import { loadMostRecentSession } from "@/lib/session";
-import {
+import { getBrandingSettings, getSession } from "@/lib/zitadel";
  getBrandingSettings,
  getLoginSettings,
  getSession,
 } from "@/lib/zitadel";
 import { getLocale, getTranslations } from "next-intl/server";
 import { headers } from "next/headers";
@@ -31,6 +27,7 @@ export default async function Page(props: {
    ? await loadSessionById(serviceUrl, sessionId, organization)
    : await loadMostRecentSession({
        serviceUrl,
        serviceRegion,
        sessionParams: { loginName, organization },
      });
@@ -42,6 +39,7 @@ export default async function Page(props: {
    const recent = await getSessionCookieById({ sessionId, organization });
    return getSession({
      serviceUrl,
      serviceRegion,
      sessionId: recent.id,
      sessionToken: recent.token,
    }).then((response) => {
@@ -51,9 +49,11 @@ export default async function Page(props: {
    });
  }
-  const branding = await getBrandingSettings({ serviceUrl, organization });
+  const branding = await getBrandingSettings({
-
+    serviceUrl,
-  const loginSettings = await getLoginSettings({ serviceUrl, organization });
+    serviceRegion,
    organization,
  });
  return (
    <DynamicTheme branding={branding}>
--- a/apps/login/src/app/(login)/passkey/set/page.tsx
+++ b/apps/login/src/app/(login)/passkey/set/page.tsx
@@ -24,13 +24,18 @@ export default async function Page(props: {
  const session = await loadMostRecentSession({
    serviceUrl,
    serviceRegion,
    sessionParams: {
      loginName,
      organization,
    },
  });
-  const branding = await getBrandingSettings({ serviceUrl, organization });
+  const branding = await getBrandingSettings({
    serviceUrl,
    serviceRegion,
    organization,
  });
  return (
    <DynamicTheme branding={branding}>
--- a/apps/login/src/app/(login)/password/change/page.tsx
+++ b/apps/login/src/app/(login)/password/change/page.tsx
@@ -28,21 +28,28 @@ export default async function Page(props: {
  // also allow no session to be found (ignoreUnkownUsername)
  const sessionFactors = await loadMostRecentSession({
    serviceUrl,
    serviceRegion,
    sessionParams: {
      loginName,
      organization,
    },
  });
-  const branding = await getBrandingSettings({ serviceUrl, organization });
+  const branding = await getBrandingSettings({
    serviceUrl,
    serviceRegion,
    organization,
  });
  const passwordComplexity = await getPasswordComplexitySettings({
    serviceUrl,
    serviceRegion,
    organization: sessionFactors?.factors?.user?.organizationId,
  });
  const loginSettings = await getLoginSettings({
    serviceUrl,
    serviceRegion,
    organization: sessionFactors?.factors?.user?.organizationId,
  });
--- a/apps/login/src/app/(login)/password/page.tsx
+++ b/apps/login/src/app/(login)/password/page.tsx
@@ -29,7 +29,10 @@ export default async function Page(props: {
  let defaultOrganization;
  if (!organization) {
-    const org: Organization | null = await getDefaultOrg({ serviceUrl });
+    const org: Organization | null = await getDefaultOrg({
      serviceUrl,
      serviceRegion,
    });
    if (org) {
      defaultOrganization = org.id;
@@ -41,6 +44,7 @@ export default async function Page(props: {
  try {
    sessionFactors = await loadMostRecentSession({
      serviceUrl,
      serviceRegion,
      sessionParams: {
        loginName,
        organization,
@@ -53,10 +57,12 @@ export default async function Page(props: {
  const branding = await getBrandingSettings({
    serviceUrl,
    serviceRegion,
    organization: organization ?? defaultOrganization,
  });
  const loginSettings = await getLoginSettings({
    serviceUrl,
    serviceRegion,
    organization: organization ?? defaultOrganization,
  });
--- a/apps/login/src/app/(login)/password/set/page.tsx
+++ b/apps/login/src/app/(login)/password/set/page.tsx
@@ -34,6 +34,7 @@ export default async function Page(props: {
  if (loginName) {
    session = await loadMostRecentSession({
      serviceUrl,
      serviceRegion,
      sessionParams: {
        loginName,
        organization,
@@ -41,19 +42,32 @@ export default async function Page(props: {
    });
  }
-  const branding = await getBrandingSettings({ serviceUrl, organization });
+  const branding = await getBrandingSettings({
    serviceUrl,
    serviceRegion,
    organization,
  });
  const passwordComplexity = await getPasswordComplexitySettings({
    serviceUrl,
    serviceRegion,
    organization: session?.factors?.user?.organizationId,
  });
-  const loginSettings = await getLoginSettings({ serviceUrl, organization });
+  const loginSettings = await getLoginSettings({
    serviceUrl,
    serviceRegion,
    organization,
  });
  let user: User | undefined;
  let displayName: string | undefined;
  if (userId) {
-    const userResponse = await getUserByID({ serviceUrl, userId });
+    const userResponse = await getUserByID({
      serviceUrl,
      serviceRegion,
      userId,
    });
    user = userResponse.user;
    if (user?.type.case === "human") {
--- a/apps/login/src/app/(login)/register/page.tsx
+++ b/apps/login/src/app/(login)/register/page.tsx
@@ -26,21 +26,37 @@ export default async function Page(props: {
  const { serviceUrl, serviceRegion } = getServiceUrlFromHeaders(_headers);
  if (!organization) {
-    const org: Organization | null = await getDefaultOrg({ serviceUrl });
+    const org: Organization | null = await getDefaultOrg({
      serviceUrl,
      serviceRegion,
    });
    if (org) {
      organization = org.id;
    }
  }
-  const legal = await getLegalAndSupportSettings({ serviceUrl, organization });
+  const legal = await getLegalAndSupportSettings({
    serviceUrl,
    serviceRegion,
    organization,
  });
  const passwordComplexitySettings = await getPasswordComplexitySettings({
    serviceUrl,
    serviceRegion,
    organization,
  });
-  const branding = await getBrandingSettings({ serviceUrl, organization });
+  const branding = await getBrandingSettings({
    serviceUrl,
    serviceRegion,
    organization,
  });
-  const loginSettings = await getLoginSettings({ serviceUrl, organization });
+  const loginSettings = await getLoginSettings({
    serviceUrl,
    serviceRegion,
    organization,
  });
  if (!loginSettings?.allowRegister) {
    return (
--- a/apps/login/src/app/(login)/register/password/page.tsx
+++ b/apps/login/src/app/(login)/register/password/page.tsx
@@ -26,7 +26,10 @@ export default async function Page(props: {
  const { serviceUrl, serviceRegion } = getServiceUrlFromHeaders(_headers);
  if (!organization) {
-    const org: Organization | null = await getDefaultOrg({ serviceUrl });
+    const org: Organization | null = await getDefaultOrg({
      serviceUrl,
      serviceRegion,
    });
    if (org) {
      organization = org.id;
    }
@@ -34,15 +37,28 @@ export default async function Page(props: {
  const missingData = !firstname || !lastname || !email;
-  const legal = await getLegalAndSupportSettings({ serviceUrl, organization });
+  const legal = await getLegalAndSupportSettings({
    serviceUrl,
    serviceRegion,
    organization,
  });
  const passwordComplexitySettings = await getPasswordComplexitySettings({
    serviceUrl,
    serviceRegion,
    organization,
  });
-  const branding = await getBrandingSettings({ serviceUrl, organization });
+  const branding = await getBrandingSettings({
    serviceUrl,
    serviceRegion,
    organization,
  });
-  const loginSettings = await getLoginSettings({ serviceUrl, organization });
+  const loginSettings = await getLoginSettings({
    serviceUrl,
    serviceRegion,
    organization,
  });
  return missingData ? (
    <DynamicTheme branding={branding}>
--- a/apps/login/src/app/(login)/signedin/page.tsx
+++ b/apps/login/src/app/(login)/signedin/page.tsx
@@ -22,6 +22,7 @@ import { redirect } from "next/navigation";
 async function loadSession(
  serviceUrl: string,
  serviceRegion: string,
  loginName: string,
  authRequestId?: string,
 ) {
@@ -30,6 +31,7 @@ async function loadSession(
  if (authRequestId) {
    return createCallback({
      serviceUrl,
      serviceRegion,
      req: create(CreateCallbackRequestSchema, {
        authRequestId,
        callbackKind: {
@@ -46,6 +48,7 @@ async function loadSession(
  }
  return getSession({
    serviceUrl,
    serviceRegion,
    sessionId: recent.id,
    sessionToken: recent.token,
  }).then((response) => {
@@ -66,15 +69,24 @@ export default async function Page(props: { searchParams: Promise<any> }) {
  const { loginName, authRequestId, organization } = searchParams;
  const sessionFactors = await loadSession(
    serviceUrl,
    serviceRegion,
    loginName,
    authRequestId,
  );
-  const branding = await getBrandingSettings({ serviceUrl, organization });
+  const branding = await getBrandingSettings({
    serviceUrl,
    serviceRegion,
    organization,
  });
  let loginSettings;
  if (!authRequestId) {
-    loginSettings = await getLoginSettings({ serviceUrl, organization });
+    loginSettings = await getLoginSettings({
      serviceUrl,
      serviceRegion,
      organization,
    });
  }
  return (
--- a/apps/login/src/app/(login)/u2f/page.tsx
+++ b/apps/login/src/app/(login)/u2f/page.tsx
@@ -27,12 +27,17 @@ export default async function Page(props: {
    throw new Error("No host found");
  }
-  const branding = await getBrandingSettings({ serviceUrl, organization });
+  const branding = await getBrandingSettings({
    serviceUrl,
    serviceRegion,
    organization,
  });
  const sessionFactors = sessionId
    ? await loadSessionById(serviceUrl, sessionId, organization)
    : await loadMostRecentSession({
        serviceUrl,
        serviceRegion,
        sessionParams: { loginName, organization },
      });
@@ -44,6 +49,7 @@ export default async function Page(props: {
    const recent = await getSessionCookieById({ sessionId, organization });
    return getSession({
      serviceUrl,
      serviceRegion,
      sessionId: recent.id,
      sessionToken: recent.token,
    }).then((response) => {
--- a/apps/login/src/app/(login)/u2f/set/page.tsx
+++ b/apps/login/src/app/(login)/u2f/set/page.tsx
@@ -23,13 +23,18 @@ export default async function Page(props: {
  const sessionFactors = await loadMostRecentSession({
    serviceUrl,
    serviceRegion,
    sessionParams: {
      loginName,
      organization,
    },
  });
-  const branding = await getBrandingSettings({ serviceUrl, organization });
+  const branding = await getBrandingSettings({
    serviceUrl,
    serviceRegion,
    organization,
  });
  return (
    <DynamicTheme branding={branding}>
--- a/apps/login/src/app/(login)/verify/page.tsx
+++ b/apps/login/src/app/(login)/verify/page.tsx
@@ -35,6 +35,7 @@ export default async function Page(props: { searchParams: Promise<any> }) {
  const branding = await getBrandingSettings({
    serviceUrl,
    serviceRegion,
    organization,
  });
@@ -48,6 +49,7 @@ export default async function Page(props: { searchParams: Promise<any> }) {
  if ("loginName" in searchParams) {
    sessionFactors = await loadMostRecentSession({
      serviceUrl,
      serviceRegion,
      sessionParams: {
        loginName,
        organization,
@@ -57,6 +59,7 @@ export default async function Page(props: { searchParams: Promise<any> }) {
    if (doSend && sessionFactors?.factors?.user?.id) {
      await sendEmailCode({
        serviceUrl,
        serviceRegion,
        userId: sessionFactors?.factors?.user?.id,
        urlTemplate:
          `${host.includes("localhost") ? "http://" : "https://"}${host}/verify?code={{.Code}}&userId={{.UserID}}&organization={{.OrgID}}&invite=true` +
@@ -70,6 +73,7 @@ export default async function Page(props: { searchParams: Promise<any> }) {
    if (doSend) {
      await sendEmailCode({
        serviceUrl,
        serviceRegion,
        userId,
        urlTemplate:
          `${host.includes("localhost") ? "http://" : "https://"}${host}/verify?code={{.Code}}&userId={{.UserID}}&organization={{.OrgID}}&invite=true` +
@@ -80,7 +84,11 @@ export default async function Page(props: { searchParams: Promise<any> }) {
      });
    }
-    const userResponse = await getUserByID({ serviceUrl, userId });
+    const userResponse = await getUserByID({
      serviceUrl,
      serviceRegion,
      userId,
    });
    if (userResponse) {
      user = userResponse.user;
      if (user?.type.case === "human") {
--- a/apps/login/src/app/login/route.ts
+++ b/apps/login/src/app/login/route.ts
@@ -32,13 +32,16 @@ export const fetchCache = "default-no-store";
 async function loadSessions({
  serviceUrl,
  serviceRegion,
  ids,
 }: {
  serviceUrl: string;
  serviceRegion: string;
  ids: string[];
 }): Promise<Session[]> {
  const response = await listSessions({
    serviceUrl,
    serviceRegion,
    ids: ids.filter((id: string | undefined) => !!id),
  });
@@ -55,6 +58,7 @@ const IDP_SCOPE_REGEX = /urn:zitadel:iam:org:idp:id:(.+)/;
 **/
 async function isSessionValid(
  serviceUrl: string,
  serviceRegion: string,
  session: Session,
 ): Promise<boolean> {
  // session can't be checked without user
@@ -67,6 +71,7 @@ async function isSessionValid(
  const authMethodTypes = await listAuthenticationMethodTypes({
    serviceUrl,
    serviceRegion,
    userId: session.factors.user.id,
  });
@@ -116,6 +121,7 @@ async function isSessionValid(
    // only check settings if no auth methods are available, as this would require a setup
    const loginSettings = await getLoginSettings({
      serviceUrl,
      serviceRegion,
      organization: session.factors?.user?.organizationId,
    });
    if (loginSettings?.forceMfa || loginSettings?.forceMfaLocalOnly) {
@@ -159,6 +165,7 @@ async function isSessionValid(
 async function findValidSession(
  serviceUrl: string,
  serviceRegion: string,
  sessions: Session[],
  authRequest: AuthRequest,
 ): Promise<Session | undefined> {
@@ -185,7 +192,7 @@ async function findValidSession(
  // return the first valid session according to settings
  for (const session of sessionsWithHint) {
-    if (await isSessionValid(serviceUrl, session)) {
+    if (await isSessionValid(serviceUrl, serviceRegion, session)) {
      return session;
    }
  }
@@ -211,7 +218,7 @@ export async function GET(request: NextRequest) {
  const ids = sessionCookies.map((s) => s.id);
  let sessions: Session[] = [];
  if (ids && ids.length) {
-    sessions = await loadSessions({ serviceUrl, ids });
+    sessions = await loadSessions({ serviceUrl, serviceRegion, ids });
  }
  if (authRequestId && sessionId) {
@@ -224,7 +231,11 @@ export async function GET(request: NextRequest) {
    if (selectedSession && selectedSession.id) {
      console.log(`Found session ${selectedSession.id}`);
-      const isValid = await isSessionValid(serviceUrl, selectedSession);
+      const isValid = await isSessionValid(
        serviceUrl,
        serviceRegion,
        selectedSession,
      );
      console.log("Session is valid:", isValid);
@@ -259,6 +270,7 @@ export async function GET(request: NextRequest) {
        try {
          const { callbackUrl } = await createCallback({
            serviceUrl,
            serviceRegion,
            req: create(CreateCallbackRequestSchema, {
              authRequestId,
              callbackKind: {
@@ -286,6 +298,7 @@ export async function GET(request: NextRequest) {
          ) {
            const loginSettings = await getLoginSettings({
              serviceUrl,
              serviceRegion,
              organization: selectedSession.factors?.user?.organizationId,
            });
@@ -317,7 +330,11 @@ export async function GET(request: NextRequest) {
  }
  if (authRequestId) {
-    const { authRequest } = await getAuthRequest({ serviceUrl, authRequestId });
+    const { authRequest } = await getAuthRequest({
      serviceUrl,
      serviceRegion,
      authRequestId,
    });
    let organization = "";
    let suffix = "";
@@ -346,6 +363,7 @@ export async function GET(request: NextRequest) {
          if (orgDomain) {
            const orgs = await getOrgsByDomain({
              serviceUrl,
              serviceRegion,
              domain: orgDomain,
            });
            if (orgs.result && orgs.result.length === 1) {
@@ -362,6 +380,7 @@ export async function GET(request: NextRequest) {
        const identityProviders = await getActiveIdentityProviders({
          serviceUrl,
          serviceRegion,
          orgId: organization ? organization : undefined,
        }).then((resp) => {
          return resp.identityProviders;
@@ -387,6 +406,7 @@ export async function GET(request: NextRequest) {
          return startIdentityProviderFlow({
            serviceUrl,
            serviceRegion,
            idpId,
            urls: {
              successUrl:
@@ -487,6 +507,7 @@ export async function GET(request: NextRequest) {
         **/
        const selectedSession = await findValidSession(
          serviceUrl,
          serviceRegion,
          sessions,
          authRequest,
        );
@@ -516,6 +537,7 @@ export async function GET(request: NextRequest) {
        const { callbackUrl } = await createCallback({
          serviceUrl,
          serviceRegion,
          req: create(CreateCallbackRequestSchema, {
            authRequestId,
            callbackKind: {
@@ -529,6 +551,7 @@ export async function GET(request: NextRequest) {
        // check for loginHint, userId hint and valid sessions
        let selectedSession = await findValidSession(
          serviceUrl,
          serviceRegion,
          sessions,
          authRequest,
        );
@@ -553,6 +576,7 @@ export async function GET(request: NextRequest) {
        try {
          const { callbackUrl } = await createCallback({
            serviceUrl,
            serviceRegion,
            req: create(CreateCallbackRequestSchema, {
              authRequestId,
              callbackKind: {
--- a/apps/login/src/lib/self.ts
+++ b/apps/login/src/lib/self.ts
@@ -32,6 +32,7 @@ export async function setMyPassword({
  const { session } = await getSession({
    serviceUrl,
    serviceRegion,
    sessionId: sessionCookie.id,
    sessionToken: sessionCookie.token,
  });
--- a/apps/login/src/lib/server/cookie.ts
+++ b/apps/login/src/lib/server/cookie.ts
@@ -39,6 +39,7 @@ export async function createSessionAndUpdateCookie(
  const createdSession = await createSessionFromChecks({
    serviceUrl,
    serviceRegion,
    checks,
    challenges,
    lifetime,
@@ -47,6 +48,7 @@ export async function createSessionAndUpdateCookie(
  if (createdSession) {
    return getSession({
      serviceUrl,
      serviceRegion,
      sessionId: createdSession.sessionId,
      sessionToken: createdSession.sessionToken,
    }).then((response) => {
@@ -101,6 +103,7 @@ export async function createSessionForIdpAndUpdateCookie(
  const createdSession = await createSessionForUserIdAndIdpIntent({
    serviceUrl,
    serviceRegion,
    userId,
    idpIntent,
    lifetime,
@@ -112,6 +115,7 @@ export async function createSessionForIdpAndUpdateCookie(
  const { session } = await getSession({
    serviceUrl,
    serviceRegion,
    sessionId: createdSession.sessionId,
    sessionToken: createdSession.sessionToken,
  });
@@ -163,6 +167,7 @@ export async function setSessionAndUpdateCookie(
  return setSession({
    serviceUrl,
    serviceRegion,
    sessionId: recentCookie.id,
    sessionToken: recentCookie.token,
    challenges,
@@ -189,6 +194,7 @@ export async function setSessionAndUpdateCookie(
      return getSession({
        serviceUrl,
        serviceRegion,
        sessionId: sessionCookie.id,
        sessionToken: sessionCookie.token,
      }).then((response) => {
--- a/apps/login/src/lib/server/idp.ts
+++ b/apps/login/src/lib/server/idp.ts
@@ -28,6 +28,7 @@ export async function startIDPFlow(command: StartIDPFlowCommand) {
  return startIdentityProviderFlow({
    serviceUrl,
    serviceRegion,
    idpId: command.idpId,
    urls: {
      successUrl: `${host.includes("localhost") ? "http://" : "https://"}${host}${command.successUrl}`,
@@ -73,6 +74,7 @@ export async function createNewSessionFromIdpIntent(
  const userResponse = await getUserByID({
    serviceUrl,
    serviceRegion,
    userId: command.userId,
  });
@@ -82,6 +84,7 @@ export async function createNewSessionFromIdpIntent(
  const loginSettings = await getLoginSettings({
    serviceUrl,
    serviceRegion,
    organization: userResponse.user.details?.resourceOwner,
  });
--- a/apps/login/src/lib/server/invite.ts
+++ b/apps/login/src/lib/server/invite.ts
@@ -31,6 +31,7 @@ export async function inviteUser(command: InviteUserCommand) {
  const human = await addHumanUser({
    serviceUrl,
    serviceRegion,
    email: command.email,
    firstName: command.firstName,
    lastName: command.lastName,
@@ -44,6 +45,7 @@ export async function inviteUser(command: InviteUserCommand) {
  const codeResponse = await createInviteCode({
    serviceUrl,
    serviceRegion,
    urlTemplate: `${host.includes("localhost") ? "http://" : "https://"}${host}/verify?code={{.Code}}&userId={{.UserID}}&organization={{.OrgID}}&invite=true`,
    userId: human.userId,
  });
--- a/apps/login/src/lib/server/loginname.ts
+++ b/apps/login/src/lib/server/loginname.ts
@@ -43,6 +43,7 @@ export async function sendLoginname(command: SendLoginnameCommand) {
  const loginSettingsByContext = await getLoginSettings({
    serviceUrl,
    serviceRegion,
    organization: command.organization,
  });
@@ -52,6 +53,7 @@ export async function sendLoginname(command: SendLoginnameCommand) {
  let searchUsersRequest: SearchUsersCommand = {
    serviceUrl,
    serviceRegion,
    searchValue: command.loginName,
    organizationId: command.organization,
    loginSettings: loginSettingsByContext,
@@ -73,6 +75,7 @@ export async function sendLoginname(command: SendLoginnameCommand) {
  const redirectUserToSingleIDPIfAvailable = async () => {
    const identityProviders = await getActiveIdentityProviders({
      serviceUrl,
      serviceRegion,
      orgId: command.organization,
    }).then((resp) => {
      return resp.identityProviders;
@@ -103,6 +106,7 @@ export async function sendLoginname(command: SendLoginnameCommand) {
      const resp = await startIdentityProviderFlow({
        serviceUrl,
        serviceRegion,
        idpId: identityProviders[0].id,
        urls: {
          successUrl:
@@ -161,6 +165,7 @@ export async function sendLoginname(command: SendLoginnameCommand) {
      const resp = await startIdentityProviderFlow({
        serviceUrl,
        serviceRegion,
        idpId: idp.id,
        urls: {
          successUrl:
@@ -186,6 +191,7 @@ export async function sendLoginname(command: SendLoginnameCommand) {
    const userLoginSettings = await getLoginSettings({
      serviceUrl,
      serviceRegion,
      organization: user.details?.resourceOwner,
    });
@@ -244,6 +250,7 @@ export async function sendLoginname(command: SendLoginnameCommand) {
    const methods = await listAuthenticationMethodTypes({
      serviceUrl,
      serviceRegion,
      userId: session.factors?.user?.id,
    });
@@ -406,6 +413,7 @@ export async function sendLoginname(command: SendLoginnameCommand) {
      const orgLoginSettings = await getLoginSettings({
        serviceUrl,
        serviceRegion,
        organization: orgToCheckForDiscovery,
      });
      if (orgLoginSettings?.allowDomainDiscovery) {
--- a/apps/login/src/lib/server/otp.ts
+++ b/apps/login/src/lib/server/otp.ts
@@ -64,6 +64,7 @@ export async function setOTP(command: SetOTPCommand) {
  const loginSettings = await getLoginSettings({
    serviceUrl,
    serviceRegion,
    organization: command.organization,
  });
--- a/apps/login/src/lib/server/passkeys.ts
+++ b/apps/login/src/lib/server/passkeys.ts
@@ -53,6 +53,7 @@ export async function registerPasskeyLink(
  const sessionCookie = await getSessionCookieById({ sessionId });
  const session = await getSession({
    serviceUrl,
    serviceRegion,
    sessionId: sessionCookie.id,
    sessionToken: sessionCookie.token,
  });
@@ -73,6 +74,7 @@ export async function registerPasskeyLink(
  // use session token to add the passkey
  const registerLink = await createPasskeyRegistrationLink({
    serviceUrl,
    serviceRegion,
    userId,
  });
@@ -82,6 +84,7 @@ export async function registerPasskeyLink(
  return registerPasskey({
    serviceUrl,
    serviceRegion,
    userId,
    code: registerLink.code,
    domain: hostname,
@@ -109,6 +112,7 @@ export async function verifyPasskeyRegistration(command: VerifyPasskeyCommand) {
  });
  const session = await getSession({
    serviceUrl,
    serviceRegion,
    sessionId: sessionCookie.id,
    sessionToken: sessionCookie.token,
  });
@@ -120,6 +124,7 @@ export async function verifyPasskeyRegistration(command: VerifyPasskeyCommand) {
  return zitadelVerifyPasskeyRegistration({
    serviceUrl,
    serviceRegion,
    request: create(VerifyPasskeyRegistrationRequestSchema, {
      passkeyId: command.passkeyId,
      publicKeyCredential: command.publicKeyCredential,
@@ -177,6 +182,7 @@ export async function sendPasskey(command: SendPasskeyCommand) {
  const userResponse = await getUserByID({
    serviceUrl,
    serviceRegion,
    userId: session?.factors?.user?.id,
  });
--- a/apps/login/src/lib/server/password.ts
+++ b/apps/login/src/lib/server/password.ts
@@ -54,6 +54,7 @@ export async function resetPassword(command: ResetPasswordCommand) {
  const users = await listUsers({
    serviceUrl,
    serviceRegion,
    loginName: command.loginName,
    organizationId: command.organization,
  });
@@ -69,6 +70,7 @@ export async function resetPassword(command: ResetPasswordCommand) {
  return passwordReset({
    serviceUrl,
    serviceRegion,
    userId,
    urlTemplate:
      `${host.includes("localhost") ? "http://" : "https://"}${host}/password/set?code={{.Code}}&userId={{.UserID}}&organization={{.OrgID}}` +
@@ -101,6 +103,7 @@ export async function sendPassword(command: UpdateSessionCommand) {
  if (!sessionCookie) {
    const users = await listUsers({
      serviceUrl,
      serviceRegion,
      loginName: command.loginName,
      organizationId: command.organization,
    });
@@ -115,6 +118,7 @@ export async function sendPassword(command: UpdateSessionCommand) {
      loginSettings = await getLoginSettings({
        serviceUrl,
        serviceRegion,
        organization: command.organization,
      });
@@ -143,6 +147,7 @@ export async function sendPassword(command: UpdateSessionCommand) {
    const userResponse = await getUserByID({
      serviceUrl,
      serviceRegion,
      userId: session?.factors?.user?.id,
    });
@@ -156,6 +161,7 @@ export async function sendPassword(command: UpdateSessionCommand) {
  if (!loginSettings) {
    loginSettings = await getLoginSettings({
      serviceUrl,
      serviceRegion,
      organization:
        command.organization ?? session.factors?.user?.organizationId,
    });
@@ -201,6 +207,7 @@ export async function sendPassword(command: UpdateSessionCommand) {
  if (command.checks && command.checks.password && session.factors?.user?.id) {
    const response = await listAuthenticationMethodTypes({
      serviceUrl,
      serviceRegion,
      userId: session.factors.user.id,
    });
    if (response.authMethodTypes && response.authMethodTypes.length) {
@@ -267,6 +274,7 @@ export async function changePassword(command: {
  return setUserPassword({
    serviceUrl,
    serviceRegion,
    userId,
    password: command.password,
    user,
@@ -290,6 +298,7 @@ export async function checkSessionAndSetPassword({
  const { session } = await getSession({
    serviceUrl,
    serviceRegion,
    sessionId: sessionCookie.id,
    sessionToken: sessionCookie.token,
  });
@@ -308,6 +317,7 @@ export async function checkSessionAndSetPassword({
  // check if the user has no password set in order to set a password
  const authmethods = await listAuthenticationMethodTypes({
    serviceUrl,
    serviceRegion,
    userId: session.factors.user.id,
  });
@@ -328,6 +338,7 @@ export async function checkSessionAndSetPassword({
  const loginSettings = await getLoginSettings({
    serviceUrl,
    serviceRegion,
    organization: session.factors.user.organizationId,
  });
@@ -359,6 +370,7 @@ export async function checkSessionAndSetPassword({
    const selfService = await myUserService(
      serviceUrl,
      serviceRegion,
      `${sessionCookie.token}`,
    );
--- a/apps/login/src/lib/server/register.ts
+++ b/apps/login/src/lib/server/register.ts
@@ -38,6 +38,7 @@ export async function registerUser(command: RegisterUserCommand) {
  const addResponse = await addHumanUser({
    serviceUrl,
    serviceRegion,
    email: command.email,
    firstName: command.firstName,
    lastName: command.lastName,
@@ -51,6 +52,7 @@ export async function registerUser(command: RegisterUserCommand) {
  const loginSettings = await getLoginSettings({
    serviceUrl,
    serviceRegion,
    organization: command.organization,
  });
@@ -92,6 +94,7 @@ export async function registerUser(command: RegisterUserCommand) {
  } else {
    const userResponse = await getUserByID({
      serviceUrl,
      serviceRegion,
      userId: session?.factors?.user?.id,
    });
--- a/apps/login/src/lib/server/session.ts
+++ b/apps/login/src/lib/server/session.ts
@@ -29,6 +29,7 @@ export async function continueWithSession({
  const loginSettings = await getLoginSettings({
    serviceUrl,
    serviceRegion,
    organization: session.factors?.user?.organizationId,
  });
@@ -131,6 +132,7 @@ export async function updateSession(options: UpdateSessionCommand) {
  if (checks && checks.password && session.factors?.user?.id) {
    const response = await listAuthenticationMethodTypes({
      serviceUrl,
      serviceRegion,
      userId: session.factors.user.id,
    });
    if (response.authMethodTypes && response.authMethodTypes.length) {
@@ -160,6 +162,7 @@ export async function clearSession(options: ClearSessionOptions) {
  const deletedSession = await deleteSession({
    serviceUrl,
    serviceRegion,
    sessionId: session.id,
    sessionToken: session.token,
  });
@@ -181,6 +184,7 @@ export async function cleanupSession({ sessionId }: CleanupSessionCommand) {
  const deleteResponse = await deleteSession({
    serviceUrl,
    serviceRegion,
    sessionId: sessionCookie.id,
    sessionToken: sessionCookie.token,
  });
--- a/apps/login/src/lib/server/u2f.ts
+++ b/apps/login/src/lib/server/u2f.ts
@@ -38,6 +38,7 @@ export async function addU2F(command: RegisterU2FCommand) {
  const session = await getSession({
    serviceUrl,
    serviceRegion,
    sessionId: sessionCookie.id,
    sessionToken: sessionCookie.token,
  });
@@ -82,6 +83,7 @@ export async function verifyU2F(command: VerifyU2FCommand) {
  const session = await getSession({
    serviceUrl,
    serviceRegion,
    sessionId: sessionCookie.id,
    sessionToken: sessionCookie.token,
  });
--- a/apps/login/src/lib/server/verify.ts
+++ b/apps/login/src/lib/server/verify.ts
@@ -34,6 +34,7 @@ export async function verifyTOTP(
  return loadMostRecentSession({
    serviceUrl,
    serviceRegion,
    sessionParams: {
      loginName,
      organization,
@@ -42,6 +43,7 @@ export async function verifyTOTP(
    if (session?.factors?.user?.id) {
      return verifyTOTPRegistration({
        serviceUrl,
        serviceRegion,
        code,
        userId: session.factors.user.id,
      });
@@ -67,6 +69,7 @@ export async function sendVerification(command: VerifyUserByEmailCommand) {
  const verifyResponse = command.isInvite
    ? await verifyInviteCode({
        serviceUrl,
        serviceRegion,
        userId: command.userId,
        verificationCode: command.code,
      }).catch(() => {
@@ -74,6 +77,7 @@ export async function sendVerification(command: VerifyUserByEmailCommand) {
      })
    : await verifyEmail({
        serviceUrl,
        serviceRegion,
        userId: command.userId,
        verificationCode: command.code,
      }).catch(() => {
@@ -105,6 +109,7 @@ export async function sendVerification(command: VerifyUserByEmailCommand) {
    session = await getSession({
      serviceUrl,
      serviceRegion,
      sessionId: sessionCookie.id,
      sessionToken: sessionCookie.token,
    }).then((response) => {
@@ -119,6 +124,7 @@ export async function sendVerification(command: VerifyUserByEmailCommand) {
    const userResponse = await getUserByID({
      serviceUrl,
      serviceRegion,
      userId: session?.factors?.user?.id,
    });
@@ -130,6 +136,7 @@ export async function sendVerification(command: VerifyUserByEmailCommand) {
  } else {
    const userResponse = await getUserByID({
      serviceUrl,
      serviceRegion,
      userId: command.userId,
    });
@@ -169,11 +176,13 @@ export async function sendVerification(command: VerifyUserByEmailCommand) {
  const loginSettings = await getLoginSettings({
    serviceUrl,
    serviceRegion,
    organization: user.details?.resourceOwner,
  });
  const authMethodResponse = await listAuthenticationMethodTypes({
    serviceUrl,
    serviceRegion,
    userId: user.userId,
  });
@@ -252,10 +261,11 @@ export async function resendVerification(command: resendVerifyEmailCommand) {
  }
  return command.isInvite
-    ? resendInviteCode({ serviceUrl, userId: command.userId })
+    ? resendInviteCode({ serviceUrl, serviceRegion, userId: command.userId })
    : resendEmailCode({
        userId: command.userId,
        serviceUrl,
        serviceRegion,
        urlTemplate:
          `${host.includes("localhost") ? "http://" : "https://"}${host}/password/set?code={{.Code}}&userId={{.UserID}}&organization={{.OrgID}}` +
          (command.authRequestId
@@ -266,14 +276,16 @@ export async function resendVerification(command: resendVerifyEmailCommand) {
 type sendEmailCommand = {
  serviceUrl: string;
  serviceRegion: string;
  userId: string;
  urlTemplate: string;
 };
 export async function sendEmailCode(command: sendEmailCommand) {
  return zitadelSendEmailCode({
    userId: command.userId,
    serviceUrl: command.serviceUrl,
    serviceRegion: command.serviceRegion,
    userId: command.userId,
    urlTemplate: command.urlTemplate,
  });
 }
@@ -313,6 +325,7 @@ export async function sendVerificationRedirectWithoutCheck(
    session = await getSession({
      serviceUrl,
      serviceRegion,
      sessionId: sessionCookie.id,
      sessionToken: sessionCookie.token,
    }).then((response) => {
@@ -327,6 +340,7 @@ export async function sendVerificationRedirectWithoutCheck(
    const userResponse = await getUserByID({
      serviceUrl,
      serviceRegion,
      userId: session?.factors?.user?.id,
    });
@@ -338,6 +352,7 @@ export async function sendVerificationRedirectWithoutCheck(
  } else if ("userId" in command) {
    const userResponse = await getUserByID({
      serviceUrl,
      serviceRegion,
      userId: command.userId,
    });
@@ -377,6 +392,7 @@ export async function sendVerificationRedirectWithoutCheck(
  const authMethodResponse = await listAuthenticationMethodTypes({
    serviceUrl,
    serviceRegion,
    userId: user.userId,
  });
@@ -402,6 +418,7 @@ export async function sendVerificationRedirectWithoutCheck(
  const loginSettings = await getLoginSettings({
    serviceUrl,
    serviceRegion,
    organization: user.details?.resourceOwner,
  });
--- a/apps/login/src/lib/service.ts
+++ b/apps/login/src/lib/service.ts
@@ -30,7 +30,7 @@ export async function createServiceForHost<T extends ServiceClass>(
    process.env.QA_SYSTEM_USER_ID &&
    process.env.QA_SYSTEM_USER_PRIVATE_KEY
  ) {
-    token = await systemAPIToken(serviceRegion);
+    token = await systemAPIToken({ serviceRegion });
  } else if (process.env.ZITADEL_SERVICE_USER_TOKEN) {
    token = process.env.ZITADEL_SERVICE_USER_TOKEN;
  }
--- a/apps/login/src/lib/session.ts
+++ b/apps/login/src/lib/session.ts
@@ -5,6 +5,7 @@ import { getSession } from "./zitadel";
 type LoadMostRecentSessionParams = {
  serviceUrl: string;
  serviceRegion: string;
  sessionParams: {
    loginName?: string;
    organization?: string;
@@ -13,6 +14,7 @@ type LoadMostRecentSessionParams = {
 export async function loadMostRecentSession({
  serviceUrl,
  serviceRegion,
  sessionParams,
 }: LoadMostRecentSessionParams): Promise<Session | undefined> {
  const recent = await getMostRecentCookieWithLoginname({
@@ -22,6 +24,7 @@ export async function loadMostRecentSession({
  return getSession({
    serviceUrl,
    serviceRegion,
    sessionId: recent.id,
    sessionToken: recent.token,
  }).then((resp: GetSessionResponse) => resp.session);
--- a/apps/login/src/lib/zitadel.ts
+++ b/apps/login/src/lib/zitadel.ts
@@ -1184,6 +1184,7 @@ export async function setUserPassword({
  if (!code) {
    const authmethods = await listAuthenticationMethodTypes({
      serviceUrl,
      serviceRegion,
      userId,
    });