Zitadel forgets `urn:zitadel:iam:org:id:{orgId}` scope if you insert domain suffix of another org
Problem: Zitadel forgets the added organization scope of the authorize request and reverts to the default organization, and it's very easy to reproduce accidentally:

0. Enable `Add organization domain as suffix to loginnames` in instance settings.
1. Have two orgs A and B. Set A to default. Create a user in A. Let's call it `alice@myemail.com@A.localhost`.
2. Create projects and applications for both organizations (I use PKCE).
3. Set your applications to add `urn:zitadel:iam:org:id:{orgIdOfB}` to the scopes in the authorization URL.
4. Sign in. You will be greeted with `Enter your login data. The user must be member of the B organization.`
5. Click `Other User`.
6. Input `alice@myemail.com@A.localhost`. Click next.
7. Zitadel will take you to the "Registration options" screen (instead of the login by password screen as one might expect). At this point, if there are branding differences, you might notice the change already.
8. Click the back-arrow of Zitadel. You will be greeted with `Enter your login data. The user must be member of the A organization.`
9. Now input `alice@myemail.com@A.localhost` again and click Next.
10. Enter the password. If the password is correct, you will sign in successfully.

How can I avoid this behaviour?

I'm using Zitadel v2.58.2
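An added example, not code from the post or from Zitadel, showing the PKCE authorize request from step 3 with the organization scope attached, plus a client-side check that the resulting session actually belongs to the requested organization rather than the default one. The issuer, client id, redirect URI and org id are placeholders; the resource-owner claim name is the reserved claim Zitadel documents for ID tokens.

```python
import base64
import hashlib
import secrets
from typing import Optional
from urllib.parse import urlencode

# Placeholder values for this example; substitute your own instance, app and org B.
ISSUER = "https://zitadel.localhost"
CLIENT_ID = "clientId-of-app-in-org-B-placeholder"
ORG_ID_OF_B = "orgIdOfB-placeholder"
REDIRECT_URI = "http://localhost:8080/callback"

ORG_SCOPE_PREFIX = "urn:zitadel:iam:org:id:"
# Reserved Zitadel claim naming the organization (resource owner) of the signed-in user.
RESOURCE_OWNER_CLAIM = "urn:zitadel:iam:user:resourceowner:id"


def make_pkce_pair() -> tuple:
    """Return (code_verifier, S256 code_challenge) as defined in RFC 7636."""
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    return verifier, challenge


def build_authorize_url(org_id: str, code_challenge: str, state: str) -> str:
    """Authorize request that pins the login to one organization (the post's step 3)."""
    scopes = ["openid", "profile", "email", ORG_SCOPE_PREFIX + org_id]
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "scope": " ".join(scopes),
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
        "state": state,
    }
    return f"{ISSUER}/oauth/v2/authorize?{urlencode(params)}"


def session_matches_requested_org(id_token_claims: dict, org_id: str) -> bool:
    """True only if the signed-in user belongs to the org the request asked for.

    A mismatch is the symptom the post describes: the org scope was dropped and
    the login fell back to the default organization. Check this after token
    validation, before treating the session as an org-B session."""
    owner: Optional[str] = id_token_claims.get(RESOURCE_OWNER_CLAIM)
    return owner == org_id
```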
