Problem Statement
I recently conducted testing to determine whether we can extract the organization ID or any other values from the organization parameters within our email branding templates. However, I have not been able to retrieve any values from the organization parameter in our email templates.
Symptoms
- Organization parameters like {{ organization.id }} or {{ organization.name }} appear as empty strings in email templates.
Steps to Reproduce
- Place {{ organization.id }} within your Password Change email template.
- Trigger a Change Password email by clicking the “Forgot password?” link on the Universal Login page or by making a /dbconnections/change_password request without specifying the organization ID.
Cause
- “Forgot Password?” Link in Universal Login Experience: The Universal Login does not possess knowledge of the organization ID that the user is utilizing during login.
- Authentication API Request: Organization parameters are not accessible unless the organization ID is explicitly provided in the request.
Solution
“Forgot Password?” Link in Universal Login Experience: Opt for “Prompt for Organization” to enable the Universal Login Experience to identify the organization to be used. Refer to: Configure the Login Flow for Your Application
Alternatively, embed an organization parameter in the authorization request. If, for instance, you are employing express-openid-connect:
authorizationParams: {
response_type: 'code',
scope: 'openid profile email',
audience: 'xxxxx',
organization: "org_xxxxx",
},
Authentication API Request: Explicitly specify the organization ID in your request:
POST https://{yourDomain}/dbconnections/change_password
{
"client_id": "xxxxx",
"email": "youremail@example.com",
"connection": "testdatabase",
"organization": "org_xxxxx"
}