id_token missing in callback when `urn:zitadel:iam:org:id:{orgId}` added to the scope
UPDATE: This was my mistake. I added the additional scope with
However, after I replaced my own
I want to enforce that the user belongs to the specified organization so I add it to the scope when creating the url.
However, when Zitadel calls the callback,
If I omit
Is this expected behavior? If it is, where can I read more about it?
Here is what the authorization url looks like
http://localhost:4444/oauth/v2/authorize?response_type=code&client_id=280114109276553218&audience=&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fapi%2Fsession%2Fcallback&scope=profile+email+openid%2Burn%3Azitadel%3Aiam%3Aorg%3Aid%3A280113846494953474&state=_rhU4K3SX4C2JoO33tUUCA&code_challenge=OMUSKo6i5w0NocjXV_g-t50l1vxB7PD0eEcXlzC727Q&code_challenge_method=S256I
I'm running Zitadel v2.58.2 in a Docker container
++ because I saw that profile+email+openidprofile+email+openid also has a plus. Also, my plus turned into %2B%2B while other ++ characters didn't change for some reason. However, after I replaced my own
++ (%2B%2B) with whitespace, I get the id_tokenid_token.I want to enforce that the user belongs to the specified organization so I add it to the scope when creating the url.
However, when Zitadel calls the callback,
id_tokenid_token is missing (I only get an access token that looks opaque) .If I omit
urn:zitadel:iam:org:id:{orgId}urn:zitadel:iam:org:id:{orgId}, I get the id_tokenid_token as expectedIs this expected behavior? If it is, where can I read more about it?
Here is what the authorization url looks like
http://localhost:4444/oauth/v2/authorize?response_type=code&client_id=280114109276553218&audience=&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fapi%2Fsession%2Fcallback&scope=profile+email+openid%2Burn%3Azitadel%3Aiam%3Aorg%3Aid%3A280113846494953474&state=_rhU4K3SX4C2JoO33tUUCA&code_challenge=OMUSKo6i5w0NocjXV_g-t50l1vxB7PD0eEcXlzC727Q&code_challenge_method=S256I
I'm running Zitadel v2.58.2 in a Docker container
