From 7fd750b587d9a2ff17a984ff4a95a52801ed3755 Mon Sep 17 00:00:00 2001
From: kyy <b24053@hanmaceng.co.kr>
Date: Fri, 24 Apr 2026 14:51:13 +0900
Subject: [PATCH] =?UTF-8?q?consent=20=EC=9E=90=EB=8F=99=20=EC=8A=B9?=
 =?UTF-8?q?=EC=9D=B8=20=EA=B2=BD=EB=A1=9C=20tenantID=20=EC=A0=84=EB=8B=AC?=
 =?UTF-8?q?=20=EB=88=84=EB=9D=BD=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 backend/internal/handler/auth_handler.go | 8 +++++++-
 docker/ory/oathkeeper/rules.active.json  | 2 +-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/backend/internal/handler/auth_handler.go b/backend/internal/handler/auth_handler.go
index 1855f851..f34b1373 100644
--- a/backend/internal/handler/auth_handler.go
+++ b/backend/internal/handler/auth_handler.go
@@ -5152,8 +5152,14 @@ func (h *AuthHandler) GetConsentRequest(c *fiber.Ctx) error {
 				identity, err := h.KratosAdmin.GetIdentity(c.Context(), consentRequest.Subject)
 				if err == nil && identity != nil {
 					currentSessionID := h.resolveCurrentSessionID(c)
+					var tenantID string
+					if consentRequest.Client.Metadata != nil {
+						if tid, ok := consentRequest.Client.Metadata["tenant_id"].(string); ok {
+							tenantID = tid
+						}
+					}
 					sessionClaims := withOidcSessionMetadata(
-						buildOidcClaimsFromTraits(identity.Traits, consentRequest.RequestedScope),
+						buildOidcClaimsFromTraits(identity.Traits, consentRequest.RequestedScope, tenantID),
 						currentSessionID,
 					)
 					acceptResp, err := h.Hydra.AcceptConsentRequest(c.Context(), challenge, consentRequest, sessionClaims)
diff --git a/docker/ory/oathkeeper/rules.active.json b/docker/ory/oathkeeper/rules.active.json
index fd6bfb2d..4a0735da 100755
--- a/docker/ory/oathkeeper/rules.active.json
+++ b/docker/ory/oathkeeper/rules.active.json
@@ -156,4 +156,4 @@
     "authorizer": { "handler": "allow" },
     "mutators": [{ "handler": "noop" }]
   }
-]
+]
\ No newline at end of file