ory · hperl · Oct 29, 2024 · Oct 23, 2024 · Oct 24, 2024 · Oct 24, 2024
@@ -709,6 +709,9 @@
             "anyOf": [
               {
                 "$ref": "#/definitions/selfServiceWebHook"
+              },
+              {
+                "$ref": "#/definitions/b2bSSOHook"
               }
             ]
           },
@@ -766,6 +769,9 @@
               },
               {
                 "$ref": "#/definitions/selfServiceShowVerificationUIHook"
+              },
+              {
+                "$ref": "#/definitions/b2bSSOHook"
               }
             ]
           },

@@ -6,6 +6,7 @@ package flow
 import (
 	"encoding/json"
 
+	"github.com/gofrs/uuid"
 	"github.com/tidwall/gjson"
 	"github.com/tidwall/sjson"
 
@@ -19,6 +20,7 @@ type DuplicateCredentialsData struct {
 	CredentialsType     identity.CredentialsType
 	CredentialsConfig   sqlxx.JSONRawMessage
 	DuplicateIdentifier string
+	OrganizationID      uuid.UUID
 }
 
 type InternalContexter interface {

@@ -18,6 +18,7 @@ import (
 
 	"github.com/ory/x/jsonx"
 	"github.com/ory/x/sqlxx"
+	"github.com/ory/x/uuidx"
 
 	"github.com/ory/kratos/driver/config"
 	"github.com/ory/kratos/identity"
@@ -224,6 +225,7 @@ func TestDuplicateCredentials(t *testing.T) {
 			CredentialsType:     "foo",
 			CredentialsConfig:   sqlxx.JSONRawMessage(`{"bar":"baz"}`),
 			DuplicateIdentifier: "bar",
+			OrganizationID:      uuidx.NewV4(),
 		}
 
 		require.NoError(t, flow.SetDuplicateCredentials(f, dc))

@@ -171,6 +171,9 @@ func (e *HookExecutor) PostRegistrationHook(w http.ResponseWriter, r *http.Reque
 					CredentialsConfig:   i.Credentials[ct].Config,
 					DuplicateIdentifier: duplicateIdentifier,
 				}
+				if registrationFlow.OrganizationID.Valid {
+					registrationDuplicateCredentials.OrganizationID = registrationFlow.OrganizationID.UUID
+				}
 
 				if err := flow.SetDuplicateCredentials(registrationFlow, registrationDuplicateCredentials); err != nil {
 					return err

@@ -278,6 +278,7 @@ func (s *Strategy) registrationToLogin(ctx context.Context, w http.ResponseWrite
 	}
 	lf.TransientPayload = rf.TransientPayload
 	lf.Active = s.ID()
+	lf.OrganizationID = rf.OrganizationID
 
 	return lf, nil
 }

@@ -26,6 +26,7 @@ import (
 
 	"github.com/ory/kratos/selfservice/hook/hooktest"
 	"github.com/ory/x/sqlxx"
+	"github.com/ory/x/uuidx"
 
 	"github.com/ory/kratos/hydra"
 	"github.com/ory/kratos/selfservice/sessiontokenexchange"
@@ -1531,6 +1532,7 @@ func TestStrategy(t *testing.T) {
 			subject2 := "new-login-subject2@ory.sh"
 			scope = []string{"openid"}
 			password := "lwkj52sdkjf"
+			orgID := uuidx.NewV4()
 
 			var i *identity.Identity
 			t.Run("step=create password identity", func(t *testing.T) {
@@ -1555,6 +1557,8 @@ func TestStrategy(t *testing.T) {
 
 			client := testhelpers.NewClientWithCookieJar(t, nil, nil)
 			loginFlow := newLoginFlow(t, returnTS.URL, time.Minute, flow.TypeBrowser)
+			loginFlow.OrganizationID = uuid.NullUUID{orgID, true}
+			require.NoError(t, reg.LoginFlowPersister().UpdateLoginFlow(context.Background(), loginFlow))
 
 			var linkingLoginFlow struct {
 				ID        string
@@ -1572,6 +1576,7 @@ func TestStrategy(t *testing.T) {
 				assert.True(t, gjson.GetBytes(body, "ui.nodes.#(attributes.name==identifier)").Exists(), "%s", body)
 				assert.True(t, gjson.GetBytes(body, "ui.nodes.#(attributes.name==password)").Exists(), "%s", body)
 				assert.Equal(t, "new-login-if-email-exist-with-password-strategy@ory.sh", gjson.GetBytes(body, "ui.messages.#(id==1010016).context.duplicateIdentifier").String())
+				assert.Equal(t, gjson.GetBytes(body, "organization_id").String(), orgID.String())
 				linkingLoginFlow.ID = gjson.GetBytes(body, "id").String()
 				linkingLoginFlow.UIAction = gjson.GetBytes(body, "ui.action").String()
 				linkingLoginFlow.CSRFToken = gjson.GetBytes(body, `ui.nodes.#(attributes.name=="csrf_token").attributes.value`).String()