Fix user view tenant

2026-04-29 12:33:04 +02:00
parent c46f27edef
commit c75e2faba3
1 changed files with 16 additions and 0 deletions
--- a/src/lib/auth.ts
+++ b/src/lib/auth.ts
@@ -57,6 +57,22 @@ export const authConfig: NextAuthConfig = {
          claims["urn:zitadel:iam:org:project:roles"]
        );
        token.accessToken = account.access_token;
+        // Pin token.sub to the OIDC subject. Auth.js v5 otherwise puts a
+        // freshly generated UUID in token.sub on initial sign-in,
+        // ignoring what profile() returns for `id`. That UUID then
+        // becomes session.user.id everywhere downstream — including
+        // `tenant_user_assignments.assigned_by` and (more importantly)
+        // the WHERE clause used to look up the invited user's
+        // assignments on the dashboard. With a UUID in the session and
+        // a ZITADEL snowflake in the DB, the lookup matches nothing
+        // and assigned tenants never appear (Bug 27).
+        //
+        // Reference: https://github.com/nextauthjs/next-auth/issues/11174
+        // Auth.js respects an explicit token.sub assignment; the
+        // override below is preserved across subsequent jwt() calls.
+        if (typeof profile.sub === "string") {
+          token.sub = profile.sub;
+        }
      }
      return token;
    },