JamesKaz
ZITADEL • 5mo ago • 8 replies

NextJS B2B Example: Alice able to view/manage user from another organization

Hi, I followed this example, and everything works mostly. (Doc doesn't include ZITADEL_CLIENT_SECRET in the .env, which is needed)
https://zitadel.com/docs/examples/login/nextjs-b2b

However, I have now set up a second project within Demo-Vendor named 'Client A', that has a user that was created on the Demo-Vendor organization. When logging into the provided NextJS application (https://github.com/zitadel/zitadel-nextjs-b2b) as Alice (who is a user of the Demo-Customer organization) and going to 'Manage Team', she is able to see the name of this project and the user listed below, which she can edit. This project was not granted to her and sits within a separate organization.

I went through the code and got to this API call requesting user grants for Alice's organization. For some reason this API call that uses Alice's organization ID returns the user in the Demo-Vendor organization.

Line 48 of components > UserGrantsTable.tsx:
```tsx
const { data: userGrantsResponse, error: orgError } = useSWR(
  org?.id ? `/api/usergrants?orgId=${org.id}` : null,
  (url) => fetcher(url),
);
```


Can someone please explain why the user grants API returns a user that is not part of the Organization making the call?

Thanks
This is our ZITADEL Next.js B2B template. It shows how to authenticate as a user with multiple organizations. The application shows your user's roles on the selected organizations, other projects your organization is allowed to use and other users having a grant to use the application.