+
Skip to content

Resolve scope #43339

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Resolve scope #43339

wants to merge 1 commit into from

Conversation

Tungsten78
Copy link

@Tungsten78 Tungsten78 commented Oct 9, 2025
edited
Loading

Resolves #42836
Resolves #42839

  • OrganizationAuthenticator.java -> ANY scope organization selection will be transformed to SINGLE
  • OrganizationMembershipMapper.java -> resolve organization from the scope instead of client session note
  • OrganizationScopes.java -> update name resolves to account for all possible token refresh scenarios

SINGLE Scope Tests (Previous: organization:foo)

  • SINGLE → ANY: organization:foo + request organization → Result: organization:foo
  • SINGLE → ALL: organization:foo + request organization:* → Result: organization:foo
  • SINGLE → Different SINGLE: organization:foo + request organization:bar → Result: null
  • SINGLE → Same SINGLE: Not explicitly shown, but would work via equality check

ALL Scope Tests (Previous: organization:*)

  • ALL → SINGLE: organization:* + request organization:foo → Result: organization:foo
  • ALL → Different SINGLE: organization:* + request organization:bar → Result: organization:bar
  • ALL → ANY: organization:* + request organization → Result: null

Additional SINGLE Tests (Previous: organization:bar)

  • SINGLE → ANY: organization:bar + request organization → Result: organization:bar
  • SINGLE → ALL: organization:bar + request organization:* → Result: organization:bar
  • SINGLE → Different SINGLE: organization:bar + request organization:foo → Result: null

ANY Scope tests

  • N/A - the browser flow transforms the scope to SINGLE (see single cases above)

@Tungsten78 Tungsten78 force-pushed the resolve-scope branch 2 times, most recently from 89efb0a to 66bb4fb Compare October 10, 2025 18:15
@Tungsten78
resolve org from scope instead of client session note (keycloak#42836)
ff9247f 
Signed-off-by: Chris Leigh <3805338+Tungsten78@users.noreply.github.com>
@Tungsten78 Tungsten78 marked this pull request as ready for review October 10, 2025 18:31
@Tungsten78 Tungsten78 requested review from a team as code owners October 10, 2025 18:31
@Tungsten78
Copy link
Author

cc @pedroigor - looking forward to your review. thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

team/cloud-native team/core-clients team/core-iam

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

UserInfo endpoint returns incorrect organization claim Organization selection changes after token refresh

1 participant

@Tungsten78
点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载