Actions V2 Organization ID
πAuthenticationβUnsolvedβQuestion
Hi,
for example in Zitadel we have 2 orgainzations OrgA and OrgB.
In OrgA we have user UserFoo which does not exist in OrgB.
In both orgs we create WebApp Clients.
Actions v2 - function: preaccesstoken
If I try to create a token using WebApp client from org A, in the webhook action request I will receive something like this:
If I do the same but this time I use OrgB WebClientID (user is not a member of the org, but still it is possible to authenticate them), I will get this:
In the second scenario when I'm using application client (org_B_client_id) from the organization (OrgB) where the user is not a member, is it expected behavior to receive "org" data for OrgA?
For our usecase it would be beneficial to know which client (that we have under application) from which organization is trying to authenticate a user that is a member of a different org.
Would it make sense to add
for example in Zitadel we have 2 orgainzations OrgA and OrgB.
In OrgA we have user UserFoo which does not exist in OrgB.
In both orgs we create WebApp Clients.
Actions v2 - function: preaccesstoken
If I try to create a token using WebApp client from org A, in the webhook action request I will receive something like this:
If I do the same but this time I use OrgB WebClientID (user is not a member of the org, but still it is possible to authenticate them), I will get this:
In the second scenario when I'm using application client (org_B_client_id) from the organization (OrgB) where the user is not a member, is it expected behavior to receive "org" data for OrgA?
For our usecase it would be beneficial to know which client (that we have under application) from which organization is trying to authenticate a user that is a member of a different org.
Would it make sense to add
client_org_idclient_org_id property in applicationapplication object?
