From b638ed528d3194ed6ea1617089cb1bbfd29686a3 Mon Sep 17 00:00:00 2001
From: Livio Spring
Date: Wed, 9 Jul 2025 10:51:13 -0400
Subject: [PATCH] fix(login v1): ensure the user's organization is always set into the token context (#10221)

# Which Problems Are Solved
Customers reported, that if the session / access token in Console expired and they re-authenticated, the user list would be empty. While reproducing the issue, we discovered that the necessary organization information, would be missing in the access token, since this would already be missing in the OIDC session creation when using an id_token_hint.
# How the Problems Are Solved
- Ensure the user's organization is set in the login v1 auth request. This is used to create the OIDC and token information.
# Additional Changes
None
# Additional Context
- reported by customers
- requires backport to v3.x
(cherry picked from commit 2821f41c3a14fc0fc420875c741163e9f4ace00b)
---
 .../auth/repository/eventsourcing/eventstore/auth_request.go | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/internal/auth/repository/eventsourcing/eventstore/auth_request.go b/internal/auth/repository/eventsourcing/eventstore/auth_request.go
index 0ede13ae68..984a1e7145 100644
--- a/internal/auth/repository/eventsourcing/eventstore/auth_request.go
+++ b/internal/auth/repository/eventsourcing/eventstore/auth_request.go
@@ -1055,6 +1055,10 @@ func (repo *AuthRequestRepo) nextSteps(ctx context.Context, request *domain.Auth
 if err != nil {
 return nil, err
 }
+ // in case the user was set automatically, we might not have the org set
+ if request.UserOrgID == "" {
+ request.UserOrgID = user.ResourceOwner
+ }
 userSession, err := userSessionByIDs(ctx, repo.UserSessionViewProvider, repo.UserEventProvider, request.AgentID, user)
 if err != nil {
 return nil, err
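Review bot: The new guard in nextSteps fills `request.UserOrgID` only when it is empty, so a non-empty value that differs from `user.ResourceOwner` still reaches the OIDC session and token context unchanged. Whether that state can occur depends on how the user is selected elsewhere, which is outside this hunk; if the field is meant to always equal the loaded user's resource owner, compare instead of testing for empty, e.g. `if request.UserOrgID != user.ResourceOwner {`, and overwrite or return an error there, since this value decides which organization the token is scoped to. The comment could also name the trigger the description gives, e.g. `// with an id_token_hint the user is set without its org; fall back to the user's resource owner`. The diffstat shows no test change, so a regression test covering re-authentication with an id_token_hint would pin the fix for the v3.x backport. nextSteps begins and continues outside the hunk.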