Currently, Tapis services, such as the Pods service, need to create OAuth clients for users in different tenants, but using a service account token and the xtapis variables results in creating clients in the admin tenant because the xtapis variables are effectively ignored. The ultimate issue appears to be the use of g.tenant_id instead of g.request_tenant_id, e.g., in various controllers and in the get_derived_values() function within the models. We need to sweep across the code base and check any uses of g.tenant_id.
Currently, Tapis services, such as the Pods service, need to create OAuth clients for users in different tenants, but using a service account token and the xtapis variables results in creating clients in the admin tenant because the xtapis variables are effectively ignored. The ultimate issue appears to be the use of
g.tenant_idinstead ofg.request_tenant_id, e.g., in various controllers and in the get_derived_values() function within the models. We need to sweep across the code base and check any uses ofg.tenant_id.