- Inject claim based on OIDC Client metadata
- Extract namespaced tenant metadata from traits and flatten it to root
- Expose all joined tenants metadata under and arrays
- Fix missing AuditLog generation during auto-accepted Consent
- Associate correct during auth events AuditLog recording
- Add unit and integration tests for dynamic claims
Details:
- Backend: Extract Kratos session cookies and propagate via SetCookies in AuthInfo.
- Backend: Include sessionJwt and token during OIDC flows in PasswordLogin.
- UserFront: Add _silentSessionRecovery in main.dart to recover session via cookies if localStorage token is missing.
- UserFront: Update AuthProxyService, AuthTokenStore, AuthNotifier to support silent recovery and immediate local state update before redirect.
- AdminFront/DevFront: Fix OIDC authority to point directly to Gateway proxy and add recovery/error UI components.
- UpdateUser: Implement 'Preserve & Merge' logic to fetch existing joined
tenants from Keto and merge them with UI requests, preventing the
loss of multi-tenant affiliations.
- Keto Sync: Expand the self-healing background job to iterate over all
companyCodes, ensuring 'members' relations are created for every
joined tenant (fixes#554).
- AuthHandler: Update extractFirstString to gracefully handle numeric
JSON types, fixing an issue where Kratos login codes were lost during
Courier webhook processing.
This commit includes:
- Added SharedLink data model and Keto-bypassed public API for orgchart view
- Configured 'orgfront' as a new OAuth2 client in hydra
- Applied MH Dashboard premium beige theme to OrgChart
- Implemented user lookup fallback to company code
Adjusts parameter matching on mockSvc.ListTenants to use mock.Anything and mockUserRepo methods, ensuring the test safely covers the newly added allTenants internal sub-query flow without fragile strict args.
Changes the /v1/admin/tenants endpoint to be accessible by all authenticated users (requireAnyUser). In the handler, it dynamically resolves the user's affiliations and filters the response to return the complete hierarchical tree (root, parent, child, sibling nodes) for any tenant they belong to.
