tracker.org

tracker.org

@@ -303,33 +303,10 @@ IROH-Auth currently work with 3 IdPs:
 - SxSO (Okta)
 
 SxSO is the only IdP from which we do not care about the =organization-id=.
+So organization created through login via IDB AMP or IDB TG will be called
+/managed orgs/. Mainly the IdP is responsible for the name of the =org-id=.
 
-During the first login of a new user we can create a new org.
+For managed orgs, we create the org using the function =iroh-auth.iroh-auth-service.core/sync-user-org=.
-To support different protocols and login IdP we centralize the 3rd party
-information about some user in a structure called =SessionTokenInfos=:
-
-#+BEGIN_SRC clojure
-(s/defschema SessionTokenInfos
-  (st/open-schema
-   (st/merge
-    {:token-id s/Str
-     :user-id s/Str
-     :org-id s/Str}
-    (st/optional-keys
-     {:role s/Str
-      :scopes (s/either [s/Str] #{s/Str})
-      :idp-id s/Str
-      :user-email s/Str
-      :user-nick s/Str
-      :org-name s/Str
-      :original-org-id s/Str
-      :original-user-id s/Str
-      :lifetime-in-sec s/Int
-      :max-clock-skew  s/Int
-      :oidc-identity-token {:id_token s/Str
-                            s/Keyword s/Any}
-      :saml-response s/Str}))))
-#+END_SRC
 **** DONE back to work                                            :work:
 :LOGBOOK:
 CLOCK: [2020-09-29 Tue 13:57]--[2020-09-29 Tue 14:04] =>  0:07