From 991a56341bde72ca096dbe1e7c464fd05ae3d38f Mon Sep 17 00:00:00 2001
From: Livio Spring <livio.a@gmail.com>
Date: Tue, 4 Apr 2023 14:36:39 +0200
Subject: [PATCH] fix: role claims mapping (#5601)

* fix: role claims mapping

* update oidc pkg

* update oidc pkg
---
 go.mod                      |  2 +-
 go.sum                      |  4 ++--
 internal/api/oidc/client.go | 16 ++++++----------
 3 files changed, 9 insertions(+), 13 deletions(-)

diff --git a/go.mod b/go.mod
index 52700f8fc0..3ac3be8409 100644
--- a/go.mod
+++ b/go.mod
@@ -57,7 +57,7 @@ require (
 	github.com/superseriousbusiness/exifremove v0.0.0-20210330092427-6acd27eac203
 	github.com/ttacon/libphonenumber v1.2.1
 	github.com/zitadel/logging v0.3.4
-	github.com/zitadel/oidc/v2 v2.2.1
+	github.com/zitadel/oidc/v2 v2.2.5
 	github.com/zitadel/saml v0.0.10
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.27.0
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.27.0
diff --git a/go.sum b/go.sum
index e75d6be6e1..bd231ad384 100644
--- a/go.sum
+++ b/go.sum
@@ -1141,8 +1141,8 @@ github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5t
 github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
 github.com/zitadel/logging v0.3.4 h1:9hZsTjMMTE3X2LUi0xcF9Q9EdLo+FAezeu52ireBbHM=
 github.com/zitadel/logging v0.3.4/go.mod h1:aPpLQhE+v6ocNK0TWrBrd363hZ95KcI17Q1ixAQwZF0=
-github.com/zitadel/oidc/v2 v2.2.1 h1:3uaN7ERsP031MZqhqUNVyLlGB7seel/YJ0CUryjIGSQ=
-github.com/zitadel/oidc/v2 v2.2.1/go.mod h1:tGkj9lQk6KVj5hsM89XPadvi6I06666sMy3KtykvSFM=
+github.com/zitadel/oidc/v2 v2.2.5 h1:vxSVowLnvbujqmJRWsBxC7lCBZngrK0zVlQKznb4IxI=
+github.com/zitadel/oidc/v2 v2.2.5/go.mod h1:tGkj9lQk6KVj5hsM89XPadvi6I06666sMy3KtykvSFM=
 github.com/zitadel/saml v0.0.10 h1:cyKd78Vat9vz55S74lggJrXMSqbAPsnJDrPFTPScNYY=
 github.com/zitadel/saml v0.0.10/go.mod h1:Hze1/zRN9j1uh7U+89vweP/OwLNO8BLHg3zU1Jtycdg=
 github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
diff --git a/internal/api/oidc/client.go b/internal/api/oidc/client.go
index 375158ca34..e1a26f866f 100644
--- a/internal/api/oidc/client.go
+++ b/internal/api/oidc/client.go
@@ -804,21 +804,17 @@ func (p *projectsRoles) Add(projectID, roleKey, orgID, domain string, isRequeste
 
 // projectRoles contains the roles of a project of multiple organisations
 //
-// key is the role key
-type projectRoles map[string][]projectRole
+// key of the first map is the role key,
+// key of the second map is the org id, value the org domain
+type projectRoles map[string]map[string]string
 
 func (p projectRoles) Add(roleKey, orgID, domain string) {
-	if len(p[roleKey]) == 0 {
-		p[roleKey] = make([]projectRole, 0, 1)
+	if p[roleKey] == nil {
+		p[roleKey] = make(map[string]string, 1)
 	}
-	p[roleKey] = append(p[roleKey], projectRole{orgID: domain})
+	p[roleKey][orgID] = domain
 }
 
-// projectRole contains all the organisations where a user is granted a certain role
-//
-// key is the org id, value the org domain
-type projectRole map[string]string
-
 func getGender(gender domain.Gender) oidc.Gender {
 	switch gender {
 	case domain.GenderFemale: