Improve organization user check

components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/dao/AccessTokenDAOImpl.java

@@ -3117,7 +3117,7 @@ public Set<AccessTokenDO> getAccessTokensByBindingRef(String bindingRef) throws
                             }
                             /* Tenant domain of the application is set as the authenticated user tenant domain for the
                                 organization SSO login users. */
-                            if (user.isOrganizationSSOUser()) {
+                            if (user.isOrganizationUser()) {
                                 user.setTenantDomain(OAuth2Util.getTenantDomain(IdentityTenantUtil.getLoginTenantId()));
                             }
                             Timestamp issuedTime = resultSet

components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/dao/TokenManagementDAOImpl.java

@@ -216,7 +216,7 @@ public RefreshTokenValidationDataDO validateRefreshToken(String consumerKey, Str
                     }
                     /* Tenant domain of the application is set as the authenticated user tenant domain for the
                         organization SSO login users. */
-                    if (user.isOrganizationSSOUser()) {
+                    if (user.isOrganizationUser()) {
                         user.setTenantDomain(IdentityTenantUtil.getTenantDomainFromContext());
                     }
                     validationDataDO.setAuthorizedUser(user);

components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/DefaultOIDCClaimsCallbackHandler.java

@@ -160,7 +160,7 @@ private Map<String, Object> getUserClaimsInOIDCDialect(OAuthTokenReqMessageConte
         // Map<(http://wso2.org/claims/email, email), "[email protected]">
         Map<ClaimMapping, String> userAttributes = getCachedUserAttributes(requestMsgCtx);
         if (userAttributes.isEmpty() && (isLocalUser(requestMsgCtx.getAuthorizedUser())
-                || isOrganizationSsoUserSwitchingOrganization(requestMsgCtx.getAuthorizedUser()))) {
+                || isOrganizationUserSwitchingOrganization(requestMsgCtx.getAuthorizedUser()))) {
             if (log.isDebugEnabled()) {
                 log.debug("User attributes not found in cache against the access token or authorization code. " +
                         "Retrieving claims for local user: " + requestMsgCtx.getAuthorizedUser() + " from userstore.");
@@ -657,16 +657,16 @@ private Map<String, String> getUserClaimsInLocalDialect(String username,
     }
 
     /**
-     * Check whether an organization SSO user is trying to switch the organization.
+     * Check whether a user managed by an organization is trying to switch to another organization.
      *
      * @param authorizedUser authorized user from the token request.
-     * @return true if an organization SSO user is trying to switch the organization.
+     * @return true if an organization user is trying to switch to another organization.
      */
-    private boolean isOrganizationSsoUserSwitchingOrganization(AuthenticatedUser authorizedUser) {
+    private boolean isOrganizationUserSwitchingOrganization(AuthenticatedUser authorizedUser) {
 
-        /* When accessing organization is different to the resident organization, it means the user is trying to switch
-           the organization. */
-        return authorizedUser.isOrganizationSSOUser() &&
+        /* For an organization user, when accessing organization is different to the resident organization,
+           it means the user is trying to switch to different organization. */
+        return authorizedUser.isOrganizationUser() &&
                 !authorizedUser.getUserResidentOrganization().equals(authorizedUser.getAccessingOrganization());
     }