TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 17:57:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(login v1): ensure the user's organization is always set into the token context (#10221)

Browse Source 
# Which Problems Are Solved

Customers reported, that if the session / access token in Console
expired and they re-authenticated, the user list would be empty.
While reproducing the issue, we discovered that the necessary
organization information, would be missing in the access token, since
this would already be missing in the OIDC session creation when using an
id_token_hint.

# How the Problems Are Solved

- Ensure the user's organization is set in the login v1 auth request.
This is used to create the OIDC and token information.

# Additional Changes

None

# Additional Context

- reported by customers
- requires backport to v3.x

(cherry picked from commit 2821f41c3a)
This commit is contained in:
Livio Spring
2025-07-09 10:51:13 -04:00
parent 8aa7801f40
commit b638ed528d
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
internal/auth/repository/eventsourcing/eventstore/auth_request.go
View File

@@ -1055,6 +1055,10 @@ func (repo *AuthRequestRepo) nextSteps(ctx context.Context, request *domain.Auth
if err != nil { if err != nil {
return nil, err return nil, err
} }
// in case the user was set automatically, we might not have the org set
if request.UserOrgID == "" {
request.UserOrgID = user.ResourceOwner
}
userSession, err := userSessionByIDs(ctx, repo.UserSessionViewProvider, repo.UserEventProvider, request.AgentID, user) userSession, err := userSessionByIDs(ctx, repo.UserSessionViewProvider, repo.UserEventProvider, request.AgentID, user)
if err != nil { if err != nil {
return nil, err return nil, err