That’s correct that in order to include the org_id in a token, it will need to be included in the authorize call one way or another.
If you feel there is a gap in the Organization feature as is, I definitely recommend scanning through through and opening up a feedback request if you don’t see something similar as we monitor these for community engagement - If there is something you’d like to see I’m sure other community members would as well