Hello, I’m using the Resource Owner Password Flow to obtain an access token which I then use to access my API in e2e tests with Cypress. The issue is that the access token I get back does not contain an org_id since the Resource Owner Password Flow is not supported in the context of Organizations - however, our API requires the access token to contain an org_id, otherwise, the user will not be allowed to access any endpoints. Is there a way to add an org_id to the access token returned from the Resource Owner Password Flow?
I understand that I can utilize the Authorization Code Flow which utilizes the /authorize endpoint in order to add an org_id to the access token. However, this flow does not allow me to authenticate through a specific user. In this case, I need to receive an access token for a test user that I’m using in the e2e tests but I also need the token to contain an org_id as well.
Unfortunately, as far as I can tell this is not possible - even if you temporarily disable organization for a specific application, and use the ROP flow + a rule to manually add a custom claim of org_id, you won’t be able to as org_id is subject to restrictions.
The only option I can think of while using the ROP flow is to add a custom claim with an org_id but naming it something else, like org_id1 - Obviously not ideal, but an option if you can work around this in testing.
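An added example, not part of the original posts and not Auth0 code: one way an API could honour the `org_id1` workaround claim only in an e2e environment and only for known test users, so the renamed claim is never accepted in production. The function name, option names and sample claim values are assumptions, and the claims object is assumed to come from a token whose signature, issuer and audience were already verified.

```javascript
// Added example: resolve the organization for a request from the claims of an
// access token that has ALREADY been verified (signature, issuer, audience).
const FALLBACK_CLAIM = "org_id1"; // workaround claim name suggested in the thread

// Hypothetical helper. opts.allowTestFallback and opts.testSubjects are
// assumed to be set from the test environment's configuration only.
function resolveOrgId(claims, opts = {}) {
  const { allowTestFallback = false, testSubjects = [] } = opts;

  // Normal path: tokens issued in an Organization context carry org_id.
  if (typeof claims.org_id === "string" && claims.org_id !== "") {
    return { orgId: claims.org_id, source: "org_id" };
  }

  // Workaround path: the renamed claim is trusted only when explicitly
  // enabled and only for subjects on the test-user allowlist.
  const fallback = claims[FALLBACK_CLAIM];
  if (
    allowTestFallback &&
    typeof fallback === "string" &&
    fallback !== "" &&
    testSubjects.includes(claims.sub)
  ) {
    return { orgId: fallback, source: FALLBACK_CLAIM };
  }

  // No usable organization: the caller should reject the request.
  return { orgId: null, source: null };
}

// Constructed sample claims (not real tokens or real identifiers).
const orgToken = { sub: "auth0|someone", org_id: "org_constructed123" };
const ropTestToken = { sub: "auth0|e2e-user", org_id1: "org_constructed123" };
const e2eOpts = { allowTestFallback: true, testSubjects: ["auth0|e2e-user"] };

console.log(resolveOrgId(orgToken));              // real org_id claim
console.log(resolveOrgId(ropTestToken));          // fallback off: rejected
console.log(resolveOrgId(ropTestToken, e2eOpts)); // fallback on for test user
```
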
Thanks for the reply @tyf! Do you know if the Auth0 team has any plans in the near future to enable the support of Organizations in the ROP flow? This would be a great feature to have when it comes to have.
Hey @simon17 no problem, I’m happy to help where I can!
ROPG support for organizations is on the radar (primarily for testing purposes similar to your needs), but there are no plans to support it in the near future. I do, however, recommend creating a feedback request for this as I don’t currently see anything related. It would be good to have it on record, and the more votes it gets from community members the more likely it is to get attention.