mirror of
https://github.com/zitadel/zitadel.git
synced 2025-12-02 13:32:26 +00:00
# Which Problems Are Solved
When users authenticate via IDP (Identity Provider) without explicit
organization context, the flow could fail or create users without proper
organization assignment. This occurred when:
- No organization parameter was provided in the IDP callback
- Domain discovery didn't find a matching organization
- OIDC requests didn't include organization scopes
# How the Problems Are Solved
Implemented a fallback mechanism that ensures organization context is
always available:
- Centralized organization resolution in `resolveOrganizationForUser()`
  - First: Use explicitly provided organization
  - Second: Attempt domain discovery from username
  - Third: Fall back to default organization (NEW)
- Explicit error handling: Users are never created without organization
  context. If no organization can be determined (including no default
  org), the flow fails gracefully with a clear error message.
- Applied to both creation flows:
  - CASE 4: Auto-creation of users
  - CASE 5: Manual user registration
Co-authored-by: Ramon <mail@conblem.me>
(cherry picked from commit 66e04b1dad)
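
A sketch of the resolution order described in the commit message, added here as an example and not taken from the ZITADEL code base. The type `orgDirectory`, the method `resolveOrg`, the error value, and the sample organization IDs and domains are all hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrNoOrganization is returned instead of creating a user without an organization.
var ErrNoOrganization = errors.New("no organization could be determined for user")

// orgDirectory is a hypothetical stand-in for the instance's organization data.
type orgDirectory struct {
	byDomain   map[string]string // verified domain -> organization ID (constructed)
	defaultOrg string            // empty when no default organization is set
}

// resolveOrg applies the three steps in order and fails closed.
// It returns the organization ID and the step that produced it.
func (d orgDirectory) resolveOrg(explicitOrg, username string) (string, string, error) {
	// 1. Explicitly provided organization (callback parameter or OIDC scope).
	if explicitOrg != "" {
		return explicitOrg, "explicit", nil
	}
	// 2. Domain discovery: use the part after the last '@' of the username.
	if i := strings.LastIndex(username, "@"); i >= 0 && i < len(username)-1 {
		domain := strings.ToLower(username[i+1:])
		if org, ok := d.byDomain[domain]; ok {
			return org, "domain", nil
		}
	}
	// 3. Fall back to the default organization.
	if d.defaultOrg != "" {
		return d.defaultOrg, "default", nil
	}
	// No organization at all: refuse, so the caller never creates the user.
	return "", "", ErrNoOrganization
}

func main() {
	dir := orgDirectory{byDomain: map[string]string{"acme.example": "org-acme"}, defaultOrg: "org-default"}
	for _, in := range [][2]string{{"org-x", "a@acme.example"}, {"", "a@ACME.example"}, {"", "bob"}} {
		org, via, err := dir.resolveOrg(in[0], in[1])
		fmt.Println(org, via, err)
	}
	_, _, err := orgDirectory{}.resolveOrg("", "bob@unknown.example")
	fmt.Println(err)
}
```

A caller on either creation path would check the returned error before creating the user, so a missing default organization stops the flow instead of producing an unassigned account.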