fix(api): use organization instead of organisation (#6720)

* fix(api): use organization instead of organisation

* fix test

* docs: add deprecation notice

* remove validation

internal/api/grpc/server/middleware/auth_interceptor.go

@@ -33,12 +33,7 @@ func authorize(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo,
 		return nil, status.Error(codes.Unauthenticated, "auth header missing")
 	}
 
-	var orgDomain string
+	orgID, orgDomain := orgIDAndDomainFromRequest(authCtx, req)
-	orgID := grpc_util.GetHeader(authCtx, http.ZitadelOrgID)
-	if o, ok := req.(OrganisationFromRequest); ok {
-		orgID = o.OrganisationFromRequest().ID
-		orgDomain = o.OrganisationFromRequest().Domain
-	}
 	ctxSetter, err := authz.CheckUserAuthorization(authCtx, req, authToken, orgID, orgDomain, verifier, authConfig, authOpt, info.FullMethod)
 	if err != nil {
 		return nil, err
@@ -47,11 +42,38 @@ func authorize(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo,
 	return handler(ctxSetter(ctx), req)
 }
 
-type OrganisationFromRequest interface {
+func orgIDAndDomainFromRequest(ctx context.Context, req interface{}) (id, domain string) {
-	OrganisationFromRequest() *Organisation
+	orgID := grpc_util.GetHeader(ctx, http.ZitadelOrgID)
+	o, ok := req.(OrganizationFromRequest)
+	if !ok {
+		return orgID, ""
+	}
+	id = o.OrganizationFromRequest().ID
+	domain = o.OrganizationFromRequest().Domain
+	if id != "" || domain != "" {
+		return id, domain
+	}
+	// check if the deprecated organisation is used.
+	// to be removed before going GA (https://github.com/zitadel/zitadel/issues/6718)
+	id = o.OrganisationFromRequest().ID
+	domain = o.OrganisationFromRequest().Domain
+	if id != "" || domain != "" {
+		return id, domain
+	}
+	return orgID, domain
 }
 
-type Organisation struct {
+// Deprecated: will be removed in favor of OrganizationFromRequest (https://github.com/zitadel/zitadel/issues/6718)
+type OrganisationFromRequest interface {
+	OrganisationFromRequest() *Organization
+}
+
+type Organization struct {
 	ID     string
 	Domain string
 }
+
+type OrganizationFromRequest interface {
+	OrganizationFromRequest() *Organization
+	OrganisationFromRequest
+}

internal/api/grpc/session/v2/session.go

@@ -216,6 +216,7 @@ func userFactorToPb(factor query.SessionUserFactor) *session.UserFactor {
 		LoginName:      factor.LoginName,
 		DisplayName:    factor.DisplayName,
 		OrganisationId: factor.ResourceOwner,
+		OrganizationId: factor.ResourceOwner,
 	}
 }
 

internal/api/grpc/session/v2/session_test.go

@@ -10,10 +10,11 @@ import (
 	"github.com/muhlemmer/gu"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"github.com/zitadel/zitadel/internal/api/authz"
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
+	"github.com/zitadel/zitadel/internal/api/authz"
+
 	"github.com/zitadel/zitadel/internal/domain"
 	caos_errs "github.com/zitadel/zitadel/internal/errors"
 	"github.com/zitadel/zitadel/internal/query"
@@ -151,6 +152,7 @@ func Test_sessionsToPb(t *testing.T) {
 					LoginName:      "donald",
 					DisplayName:    "donald duck",
 					OrganisationId: "org1",
+					OrganizationId: "org1",
 				},
 			},
 			Metadata: map[string][]byte{"hello": []byte("world")},
@@ -167,6 +169,7 @@ func Test_sessionsToPb(t *testing.T) {
 					LoginName:      "donald",
 					DisplayName:    "donald duck",
 					OrganisationId: "org1",
+					OrganizationId: "org1",
 				},
 				Password: &session.PasswordFactor{
 					VerifiedAt: timestamppb.New(past),
@@ -186,6 +189,7 @@ func Test_sessionsToPb(t *testing.T) {
 					LoginName:      "donald",
 					DisplayName:    "donald duck",
 					OrganisationId: "org1",
+					OrganizationId: "org1",
 				},
 				WebAuthN: &session.WebAuthNFactor{
 					VerifiedAt:   timestamppb.New(past),
@@ -206,6 +210,7 @@ func Test_sessionsToPb(t *testing.T) {
 					LoginName:      "donald",
 					DisplayName:    "donald duck",
 					OrganisationId: "org1",
+					OrganizationId: "org1",
 				},
 				Totp: &session.TOTPFactor{
 					VerifiedAt: timestamppb.New(past),

internal/protoc/protoc-gen-zitadel/zitadel.pb.go.tmpl

@@ -17,8 +17,8 @@ var {{.ServiceName}}_AuthMethods = authz.MethodMapping {
 }
 
 {{ range $m := .AuthContext}}
-func (r *{{ $m.Name }}) OrganisationFromRequest() *middleware.Organisation {
+func (r *{{ $m.Name }}) OrganizationFromRequest() *middleware.Organization {
-	return &middleware.Organisation{
+	return &middleware.Organization{
 		ID: r{{$m.OrgMethod}}.GetOrgId(),
 		Domain: r{{$m.OrgMethod}}.GetOrgDomain(),
 	}

pkg/grpc/user/v2beta/user_service_org.pb.zitadel.go

@@ -0,0 +1,12 @@
+package user
+
+import "github.com/zitadel/zitadel/internal/api/grpc/server/middleware"
+
+// OrganisationFromRequest implements deprecated [middleware.OrganisationFromRequest] interface.
+// it will be removed before going GA (https://github.com/zitadel/zitadel/issues/6718)
+func (r *AddHumanUserRequest) OrganisationFromRequest() *middleware.Organization {
+	return &middleware.Organization{
+		ID:     r.GetOrganisation().GetOrgId(),
+		Domain: r.GetOrganisation().GetOrgDomain(),
+	}
+}

proto/zitadel/admin.proto

@@ -3763,7 +3763,7 @@ service AdminService {
 
     // Activates the "LoginDefaultOrg" feature by setting the flag to "true"
     // This is irreversible!
-    // Once activated, the login UI will use the settings of the default org (and not from the instance) if not organisation context is set
+    // Once activated, the login UI will use the settings of the default org (and not from the instance) if not organization context is set
     rpc ActivateFeatureLoginDefaultOrg(ActivateFeatureLoginDefaultOrgRequest) returns (ActivateFeatureLoginDefaultOrgResponse) {
         option (google.api.http) = {
             put: "/features/login_default_org"

proto/zitadel/management.proto

@@ -6806,7 +6806,7 @@ service ManagementService {
         };
     }
 
-    // Add a new Azure AD identity provider in the organisation
+    // Add a new Azure AD identity provider in the organization
     rpc AddAzureADProvider(AddAzureADProviderRequest) returns (AddAzureADProviderResponse) {
         option (google.api.http) = {
             post: "/idps/azure"
@@ -6824,7 +6824,7 @@ service ManagementService {
         };
     }
 
-    // Change an existing Azure AD identity provider in the organisation
+    // Change an existing Azure AD identity provider in the organization
     rpc UpdateAzureADProvider(UpdateAzureADProviderRequest) returns (UpdateAzureADProviderResponse) {
         option (google.api.http) = {
             put: "/idps/azure/{id}"

proto/zitadel/object/v2beta/object.proto

@@ -8,6 +8,7 @@ import "google/protobuf/timestamp.proto";
 import "protoc-gen-openapiv2/options/annotations.proto";
 import "validate/validate.proto";
 
+// Deprecated: use Organization
 message Organisation {
   oneof org {
     string org_id = 1;
@@ -15,6 +16,13 @@ message Organisation {
   }
 }
 
+message Organization {
+  oneof org {
+    string org_id = 1;
+    string org_domain = 2;
+  }
+}
+
 message RequestContext {
   oneof resource_owner {
     string org_id = 1;

proto/zitadel/project.proto

@@ -48,7 +48,7 @@ message GrantedProject {
     ];
     string granted_org_name = 3 [
         (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-            example: "\"Some Organisation\""
+            example: "\"Some Organization\""
         }
     ];
     repeated string granted_role_keys = 4 [

proto/zitadel/session/v2beta/session.proto

@@ -73,9 +73,15 @@ message UserFactor {
       description: "\"display name of the checked user\"";
     }
   ];
+  // deprecated: use organization_id, will be remove before GA (https://github.com/zitadel/zitadel/issues/6718)
   string organisation_id = 5 [
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      description: "\"organisation id of the checked user\"";
+      description: "\"organization id of the checked user; deprecated: use organization_id\"";
+    }
+  ];
+  string organization_id = 6 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      description: "\"organization id of the checked user\"";
     }
   ];
 }

proto/zitadel/user/v2beta/user_service.proto

@@ -119,7 +119,7 @@ service UserService {
     option (zitadel.protoc_gen_zitadel.v2.options) = {
       auth_option: {
         permission: "user.write"
-        org_field: "organisation"
+        org_field: "organization"
       }
       http_response: {
         success_code: 201
@@ -655,7 +655,13 @@ message AddHumanUserRequest{
       example: "\"minnie-mouse\"";
     }
   ];
-  zitadel.object.v2beta.Organisation organisation = 3;
+  // deprecated: use organization (if both are set, organization will take precedence)
+  zitadel.object.v2beta.Organisation organisation = 3 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      description: "deprecated: use organization (if both are set, organization will take precedence)"
+    }
+  ];
+  zitadel.object.v2beta.Organization organization = 11;
   SetHumanProfile profile = 4 [
     (validate.rules).message.required = true,
     (google.api.field_behavior) = REQUIRED