wlinna•10mo ago

Zitadel forgets `urn:zitadel:iam:org:id:{orgId}` scope if you insert domain suffix of another org

Problem: Zitadel forgets the added organization scope of the authorize request and reverts to the default organization, and it's very easy to reproduce accidentally:

0. Enable "Add organization domain as suffix to loginnames" in instance settings.
1. Have two orgs A and B. Set A to default. Create a user to A. Let's call it alice@myemail.com@A.localhost
2. Create projects and applications for both organizations (I use PKCE)
3. Set your applications to add `urn:zitadel:iam:org:id:{orgIdOfB}` to the scopes in authorization url.
4. Sign in. You will be greeted with "Enter your login data. The user must be member of the B organization."
5. Click "Other User"
6. Input alice@myemail.com@A.localhost. Click next
7. Zitadel will take you to the "Registration options" screen (instead of the login by password screen as one might expect). At this point if there are branding differences, you might notice the change already
8. Click the back-arrow of Zitadel. You will be greeted with "Enter your login data. The user must be member of the A organization."
9. Now input alice@myemail.com@A.localhost again and click Next.
10. Enter the password. If the password is correct, you will sign in successfully

How can I avoid this behaviour? I'm using Zitadel v2.58.2
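An added example, not part of the original post and not Zitadel's own code: a relying-party check that pins the sign-in to org B by also requesting the reserved `urn:zitadel:iam:user:resourceowner` scope and rejecting any session whose `urn:zitadel:iam:user:resourceowner:id` claim differs from the org that was requested. It assumes the ID token signature has already been verified; the issuer, client id, org ids and function names are hypothetical.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

ORG_SCOPE_PREFIX = "urn:zitadel:iam:org:id:"
# Reserved ZITADEL scope and the claim it adds: the org that owns the user.
RESOURCE_OWNER_SCOPE = "urn:zitadel:iam:user:resourceowner"
RESOURCE_OWNER_ID_CLAIM = "urn:zitadel:iam:user:resourceowner:id"
ORG_A, ORG_B = "1000000000000000001", "1000000000000000002"  # constructed ids


class OrgMismatch(Exception):
    """The authenticated user is not owned by the organization we asked for."""


def pkce_challenge(code_verifier):
    """S256 code challenge for a PKCE code verifier (RFC 7636)."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorize_request(issuer, client_id, redirect_uri, org_id):
    """Return (url, code_verifier, state) for a PKCE request scoped to org_id."""
    code_verifier = secrets.token_urlsafe(64)
    state = secrets.token_urlsafe(16)
    scopes = ["openid", "profile", RESOURCE_OWNER_SCOPE, ORG_SCOPE_PREFIX + org_id]
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,
        "code_challenge": pkce_challenge(code_verifier),
        "code_challenge_method": "S256",
    })
    return f"{issuer.rstrip('/')}/oauth/v2/authorize?{query}", code_verifier, state


def require_org(verified_claims, expected_org_id):
    """Fail closed unless the verified ID token names the expected org."""
    actual = verified_claims.get(RESOURCE_OWNER_ID_CLAIM)
    if actual != expected_org_id:
        raise OrgMismatch(f"expected org {expected_org_id!r}, token says {actual!r}")
    return actual


if __name__ == "__main__":
    url, _, _ = build_authorize_request(
        "https://idp.example.test", "client-b", "https://app.example.test/cb", ORG_B)
    print(url)
    print(require_org({RESOURCE_OWNER_ID_CLAIM: ORG_B}, ORG_B))
```

With this check in the callback handler, a sign-in that ends up in org A as in steps 8 to 10 is refused by the application instead of being accepted silently.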
4 Replies
FFO•10mo ago
Hm, that is a weird one 🙈 Kind of sounds like this issue to me https://github.com/zitadel/zitadel/issues/7744#issuecomment-2287926882 @livio what do you think?
GitHub
[Bug]: User not found when login with username and domain · Issue #...
Preflight Checklist I could not find a solution in the documentation, the existing issues or discussions I have joined the ZITADEL chat Environment ZITADEL Cloud Version No response Database None D...
Unknown User•10mo ago
Message Not Public
wlinnaOP•10mo ago
Okay, I will try to do it tomorrow
wlinnaOP•10mo ago
Here it is. I added some screenshots for good measure https://github.com/zitadel/zitadel/issues/8464
GitHub
[Bug]: Zitadel forgets urn:zitadel:iam:org:id:{orgId} scope if yo...
Preflight Checklist I could not find a solution in the documentation, the existing issues or discussions I have joined the ZITADEL chat Environment Self-hosted Version v2.58.2 Database PostgreSQL D...