mirror of
https://github.com/zitadel/zitadel.git
synced 2025-12-30 14:47:12 +00:00
# Which Problems Are Solved

When users authenticate via IDP (Identity Provider) without explicit organization context, the flow could fail or create users without proper organization assignment. This occurred when:
- No organization parameter was provided in the IDP callback
- Domain discovery didn't find a matching organization
- OIDC requests didn't include organization scopes

# How the Problems Are Solved

Implemented a fallback mechanism that ensures organization context is always available:
- Centralized organization resolution in `resolveOrganizationForUser()`
  - First: Use explicitly provided organization
  - Second: Attempt domain discovery from username
  - Third: Fallback to default organization (NEW)
- Explicit error handling: Users are never created without organization context. If no organization can be determined (including no default org), the flow fails gracefully with a clear error message.
- Applied to both creation flows:
  - CASE 4: Auto-creation of users
  - CASE 5: Manual user registration

Co-authored-by: Ramon <mail@conblem.me>
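The resolution order described in the commit message, as an added sketch that is not taken from the ZITADEL code base: `resolveOrg`, `OrgLookups`, `OrgResolutionError` and the sample data are hypothetical names, and the lookups are injected so the block runs offline. It returns which step produced the organization, so a caller can log when a user landed in the default organization, and it throws instead of returning a user without one.

```typescript
// Added illustration; every name here is hypothetical, not ZITADEL's API.
type OrgSource = "explicit" | "domain-discovery" | "default";
interface OrgResolution { orgId: string; source: OrgSource }
interface OrgLookups {
  findOrgByDomain(domain: string): string | undefined; // org owning the domain
  getDefaultOrg(): string | undefined;                 // instance default, if any
}
class OrgResolutionError extends Error {}

// Domain part after the last "@", lower-cased; undefined when there is none.
function domainOf(username: string): string | undefined {
  const at = username.lastIndexOf("@");
  if (at < 0) return undefined;
  const domain = username.slice(at + 1).trim().toLowerCase();
  return domain === "" ? undefined : domain;
}

function resolveOrg(
  explicitOrgId: string | undefined,
  username: string | undefined,
  lookups: OrgLookups,
): OrgResolution {
  // First: an organization passed explicitly with the request wins.
  const explicit = explicitOrgId ? explicitOrgId.trim() : "";
  if (explicit !== "") return { orgId: explicit, source: "explicit" };

  // Second: domain discovery from the username.
  const domain = username ? domainOf(username) : undefined;
  const discovered = domain ? lookups.findOrgByDomain(domain) : undefined;
  if (discovered) return { orgId: discovered, source: "domain-discovery" };

  // Third: fall back to the default organization.
  const fallback = lookups.getDefaultOrg();
  if (fallback) return { orgId: fallback, source: "default" };

  // Fail closed: no user is created without organization context.
  throw new OrgResolutionError("no organization could be determined for this user");
}

// Constructed sample data. A Map avoids prototype keys such as "constructor"
// matching as if they were registered domains.
const SAMPLE_DOMAINS = new Map<string, string>([["example.com", "org-example"]]);
function sampleLookups(defaultOrg?: string): OrgLookups {
  return {
    findOrgByDomain: (d) => SAMPLE_DOMAINS.get(d),
    getDefaultOrg: () => defaultOrg,
  };
}
```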