org primary domain scope

2025-12-12 07:24:51 +00:00 · 2024-04-03 15:16:06 +02:00
parent 0a1219b07b
commit 9153b5c474
3 changed files with 29 additions and 5 deletions
--- a/apps/login/app/login/route.ts
+++ b/apps/login/app/login/route.ts
@@ -1,11 +1,12 @@
 import {
  createCallback,
  getAuthRequest,
  getOrgByDomain,
  listSessions,
  server,
 } from "#/lib/zitadel";
 import { SessionCookie, getAllSessions } from "#/utils/cookies";
-import { Session, AuthRequest, Prompt, login } from "@zitadel/server";
+import { Session, AuthRequest, Prompt } from "@zitadel/server";
 import { NextRequest, NextResponse } from "next/server";
 async function loadSessions(ids: string[]): Promise<Session[]> {
@@ -18,6 +19,7 @@ async function loadSessions(ids: string[]): Promise<Session[]> {
 }
 const ORG_SCOPE_REGEX = /urn:zitadel:iam:org:id:([0-9]+)/;
 const ORG_DOMAIN_SCOPE_REGEX = /urn:zitadel:iam:org:domain:primary:(.+)/; // TODO: check regex for all domain character options
 function findSession(
  sessions: Session[],
@@ -91,13 +93,26 @@ export async function GET(request: NextRequest) {
      authRequest?.scope &&
      authRequest.scope.find((s: string) => ORG_SCOPE_REGEX.test(s))
    ) {
-      const orgId = authRequest.scope.find((s: string) =>
+      const orgScope = authRequest.scope.find((s: string) =>
        ORG_SCOPE_REGEX.test(s)
      );
-      if (orgId) {
+      if (orgScope) {
-        const matched = ORG_SCOPE_REGEX.exec(orgId);
+        const matched = ORG_SCOPE_REGEX.exec(orgScope);
        organization = matched?.[1] ?? "";
      } else {
        const orgDomainScope = authRequest.scope.find((s: string) =>
          ORG_DOMAIN_SCOPE_REGEX.test(s)
        );
        if (orgDomainScope) {
          const matched = ORG_DOMAIN_SCOPE_REGEX.exec(orgDomainScope);
          const orgDomain = matched?.[1] ?? "";
          if (orgDomain) {
            const org = await getOrgByDomain(orgDomain);
            organization = org?.org?.id ?? "";
          }
        }
      }
    }
--- a/apps/login/lib/zitadel.ts
+++ b/apps/login/lib/zitadel.ts
@@ -22,10 +22,11 @@ import {
  SetSessionResponse,
  SetSessionRequest,
  ListUsersResponse,
-  ListUsersRequest,
+  management,
  DeleteSessionResponse,
  VerifyPasskeyRegistrationResponse,
  LoginSettings,
  GetOrgByDomainGlobalResponse,
  GetLoginSettingsResponse,
  ListAuthenticationMethodTypesResponse,
  StartIdentityProviderIntentRequest,
@@ -331,6 +332,13 @@ export async function listUsers(
  );
 }
 export async function getOrgByDomain(
  domain: string
 ): Promise<GetOrgByDomainGlobalResponse> {
  const mgmtService = management.getManagement(server);
  return mgmtService.getOrgByDomainGlobal({ domain }, {});
 }
 export async function startIdentityProviderFlow(
  server: ZitadelServer,
  { idpId, urls }: StartIdentityProviderIntentRequest
--- a/packages/zitadel-server/src/index.ts
+++ b/packages/zitadel-server/src/index.ts
@@ -87,6 +87,7 @@ export {
 export {
  SetHumanPasswordResponse,
  SetHumanPasswordRequest,
  GetOrgByDomainGlobalResponse,
 } from "./proto/server/zitadel/management";
 export * from "./proto/server/zitadel/idp";
 export { type LegalAndSupportSettings } from "./proto/server/zitadel/settings/v2beta/legal_settings";