fix: primary domain claim (#1082)

* fix: primary domain scope (overwrite by roles and rogue `:`)

* disable wrong users

* fix test

* show requested org name

* only show domain when selected

internal/auth_request/model/auth_request.go

@@ -1,11 +1,13 @@
 package model
 
 import (
-	"github.com/caos/zitadel/internal/iam/model"
-	"golang.org/x/text/language"
 	"strings"
 	"time"
 
+	"golang.org/x/text/language"
+
+	"github.com/caos/zitadel/internal/iam/model"
+
 	"github.com/caos/zitadel/internal/errors"
 )
 
@@ -30,6 +32,8 @@ type AuthRequest struct {
 	LoginName           string
 	DisplayName         string
 	UserOrgID           string
+	RequestedOrgID      string
+	RequestedOrgName    string
 	SelectedIDPConfigID string
 	LinkingUsers        []*ExternalUser
 	PossibleSteps       []NextStep

internal/auth_request/model/next_step.go

@@ -48,10 +48,11 @@ func (s *SelectUserStep) Type() NextStepType {
 }
 
 type UserSelection struct {
-	UserID           string
-	DisplayName      string
-	LoginName        string
-	UserSessionState UserSessionState
+	UserID            string
+	DisplayName       string
+	LoginName         string
+	UserSessionState  UserSessionState
+	SelectionPossible bool
 }
 
 type InitUserStep struct {

internal/auth_request/model/request.go

@@ -20,6 +20,7 @@ const (
 
 const (
 	OrgDomainPrimaryScope = "urn:zitadel:iam:org:domain:primary:"
+	OrgDomainPrimaryClaim = "urn:zitadel:iam:org:domain:primary"
 	ProjectIDScope        = "urn:zitadel:iam:org:project:id:"
 	AudSuffix             = ":aud"
 )