Resolve user store domain not correctly set when trying organization switch grant #38
Conversation
|
PR builder started |
|
PR builder completed |
There was a problem hiding this comment.
Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/12366405774
| private void resolveUserStoreDomain(AuthenticatedUser authenticatedUser, String organizationId) | ||
| throws IdentityOAuth2Exception { | ||
|
|
||
| String userStoreDomain = IdentityUtil.getProperty(ORG_USER_INVITATION_USER_DOMAIN); |
There was a problem hiding this comment.
When the userstore is configured as PRIMARY in this configuration but the userstore mgt configuration level if the admin has renamed the userstore name of PRIMARY, it is wrong to store PRIMARY as the userstore domain.
Let's gracefully handle that case. @DilshanSenarath has done similar fix in another place
There was a problem hiding this comment.
Better to fix it by introducing a util method to get ORG_USER_INVITATION_USER_DOMAIN resolving this mentioned considtion, instead reading the config directly from IdentityUtil.getProperty(ORG_USER_INVITATION_USER_DOMAIN)
There was a problem hiding this comment.
@HasiniSama Let's address the comments.
There was a problem hiding this comment.
Yes. Better to have a util method which encapsulate the logic.
| int tenantId = IdentityTenantUtil.getTenantId(tenantDomain); | ||
| userStoreDomain = getAbstractUserStoreManager(tenantId).getUser(authenticatedUser.getUserId(), | ||
| null).getUserStoreDomain(); | ||
|
|
|
|
||
| /* The shared user's domain can be different from the original user's domain. Hence, resolve the correct user | ||
| store domain. */ | ||
| resolveUserStoreDomain(authenticatedUser, accessingOrgId); |
There was a problem hiding this comment.
for better readability, shall we return the relevant userstore from the private method and amend the authenticatedUser object in the main method
There was a problem hiding this comment.
Change the method name accordingly
| @@ -79,6 +84,7 @@ public class OrganizationSwitchGrant extends AbstractAuthorizationGrantHandler { | |||
| private static final Log LOG = LogFactory.getLog(OrganizationSwitchGrant.class); | |||
| private static final String TOKEN_BINDING_REFERENCE = "tokenBindingReference"; | |||
| private static final String OAUTH_APP_PROPERTY = "OAuthAppDO"; | |||
| public static final String ORG_USER_INVITATION_USER_DOMAIN = "OrganizationUserInvitation.PrimaryUserDomain"; | |||
There was a problem hiding this comment.
Try to get this config from org mgt repos if there is no cyclic dependency issues. This will be resolved by doing https://github.com/wso2-extensions/identity-oauth2-grant-organization-switch/pull/38/files#r1903916703 anyway
Purpose