From e55d130f42927cf59d452654aaa0047d53609b68 Mon Sep 17 00:00:00 2001
From: Henning Perl <henning.perl@ory.sh>
Date: Thu, 13 Feb 2025 09:26:33 +0100
Subject: [PATCH] feat: allow setting the org ID on creation

---
 identity/handler.go      |  6 ++++++
 identity/handler_test.go | 14 ++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/identity/handler.go b/identity/handler.go
index 759db3306cf7..590120719c84 100644
--- a/identity/handler.go
+++ b/identity/handler.go
@@ -435,6 +435,11 @@ type CreateIdentityBody struct {
 	//
 	// required: false
 	State State `json:"state"`
+
+	// OrganizationID is the ID of the organization to which the identity belongs.
+	//
+	// required: false
+	OrganizationID uuid.NullUUID `json:"organization_id"`
 }
 
 // Create Identity and Import Credentials
@@ -576,6 +581,7 @@ func (h *Handler) identityFromCreateIdentityBody(ctx context.Context, cr *Create
 		RecoveryAddresses:   cr.RecoveryAddresses,
 		MetadataAdmin:       []byte(cr.MetadataAdmin),
 		MetadataPublic:      []byte(cr.MetadataPublic),
+		OrganizationID:      cr.OrganizationID,
 	}
 	// Lowercase all emails, because the schema extension will otherwise not find them.
 	for k := range i.VerifiableAddresses {
diff --git a/identity/handler_test.go b/identity/handler_test.go
index 0b9b6ec2f3b2..56396d2f2044 100644
--- a/identity/handler_test.go
+++ b/identity/handler_test.go
@@ -191,6 +191,20 @@ func TestHandler(t *testing.T) {
 		}
 	})
 
+	t.Run("case=should create an identity with an organization ID", func(t *testing.T) {
+		for name, ts := range map[string]*httptest.Server{"public": publicTS, "admin": adminTS} {
+			t.Run("endpoint="+name, func(t *testing.T) {
+				orgID := uuid.NullUUID{x.NewUUID(), true}
+				i := identity.CreateIdentityBody{
+					Traits:         []byte(`{"bar":"baz"}`),
+					OrganizationID: orgID,
+				}
+				res := send(t, ts, "POST", "/identities", http.StatusCreated, &i)
+				assert.EqualValues(t, orgID.UUID.String(), res.Get("organization_id").String(), "%s", res.Raw)
+			})
+		}
+	})
+
 	t.Run("case=should be able to import users", func(t *testing.T) {
 		ignoreDefault := []string{"id", "schema_url", "state_changed_at", "created_at", "updated_at"}
 		t.Run("without any credentials", func(t *testing.T) {