Auth request with org scope allows users out of org
βUnsolvedπͺ²Bugs
We are creating an auth request with a scope that looks like this
I've worked around this by on provisioning side double checking the users org id == the org id i was trying to auth for but it seems like an invalid flow to complete a auth request with a user thats not part of the scope?
running 4.10.1 docker with login
urn:zitadel:iam:org:id:{id}urn:zitadel:iam:org:id:{id} on z side if i am logged in as the local admin it bounces me back completing the auth request with the user infromation for my local admin. But the local admin is not part of the tenants org.I've worked around this by on provisioning side double checking the users org id == the org id i was trying to auth for but it seems like an invalid flow to complete a auth request with a user thats not part of the scope?
running 4.10.1 docker with login
