Fix bad request

[VivekVinushanth]

Purpose

Describe the problems, issues, or needs driving this feature/fix and include links to related issues in the following format: Resolves issue1, issue2, etc.

Goals

Describe the solutions that this feature/fix will introduce to resolve the problems described above

Approach

Describe how you are implementing the solutions. Include an animated GIF or screenshot if the change affects the UI (email [email protected] to review all UI text). Include a link to a Markdown file or Google doc if the feature write-up is too long to paste here.

User stories

Summary of user stories addressed by this change>

Release note

Brief description of the new feature or bug fix as it will appear in the release notes

Documentation

Link(s) to product documentation that addresses the changes of this PR. If no doc impact, enter “N/A” plus brief explanation of why there’s no doc impact

Training

Link to the PR for changes to the training content in https://github.com/wso2/WSO2-Training, if applicable

Certification

Type “Sent” when you have provided new/updated certification questions, plus four answers for each question (correct answer highlighted in bold), based on this change. Certification questions/answers should be sent to [email protected] and NOT pasted in this PR. If there is no impact on certification exams, type “N/A” and explain why.

Marketing

Link to drafts of marketing content that will describe and promote this feature, including product page changes, technical articles, blog posts, videos, etc., if applicable

Automation tests

• Unit tests

  Code coverage information

• Integration tests

  Details about the test cases and coverage

Security checks

• Followed secure coding standards in http://wso2.com/technical-reports/wso2-secure-engineering-guidelines? yes/no
• Ran FindSecurityBugs plugin and verified report? yes/no
• Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets? yes/no

Samples

Provide high-level details about the samples related to this feature

Related PRs

List any other related PRs

Migrations (if applicable)

Describe migration steps and platforms on which migration has been tested

Test environment

List all JDK versions, operating systems, databases, and browser/versions on which this feature/fix was tested

Learning

Describe the research phase and any blog posts, patterns, libraries, or add-ons you used to solve the problem.

Summary by CodeRabbit

• Bug Fixes
  • Improved system token request handling for organization-level access by ensuring organization identifiers are properly included in token exchange requests. This enhances the reliability of organizational system token provisioning.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

A single parameter, organizationId, was added to the form data payload when requesting a system app grant token for an organization. The underlying token exchange flow and logic remain unchanged.

Changes

Cohort / File(s)	Summary
Organization token request enhancement internal/system/client/identity_client.go	Added organizationId field to form data in fetchOrganizationToken method when requesting a system app grant token

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

• Single file with a straightforward field addition to form data
• No logic changes or new control flow to verify
• Minimal scope; confirm the parameter is correctly named and placed in the request payload

Poem

🐰 A token takes flight, with one more piece of knowledge,
The organizationId joins the grant's journey,
A whisker-twitch of clarity in the system's college! 🎩✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The pull request description contains only the template structure with placeholder text and no substantive content filled in across any of the required sections.	Complete all critical sections including Purpose (with issue link), Goals, Approach, Release note, and Security checks to provide adequate context for code review.
Title check	❓ Inconclusive	The title 'Fix bad request' is vague and generic, using non-specific terminology that doesn't convey the actual technical change made to the codebase.	Replace with a more descriptive title that captures the specific change, such as 'Add organizationId to system_app_grant token request' to clearly indicate what was fixed.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 968a546 and cade099.

📒 Files selected for processing (1)

• internal/system/client/identity_client.go (1 hunks)

🔇 Additional comments (1)

internal/system/client/identity_client.go (1)

172-172: LGTM! Verify that this resolves the bad request error.

The addition of organizationId to the form data is consistent with the exchange request at line 190 and appears to be the correct fix for the bad request issue mentioned in the PR title.

Please confirm:

1. This change resolves the "bad request" error that was occurring
2. The server's API documentation or specification requires this parameter for the system_app_grant flow

If you have access to the Identity Server API documentation for the system_app_grant endpoint, please verify that organizationId is a required or expected parameter.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}