wso2 · AfraHussaindeen · Sep 24, 2024 · Sep 24, 2024 · Sep 24, 2024 · Sep 24, 2024
diff --git a/.changeset/cold-parents-decide.md b/.changeset/cold-parents-decide.md
@@ -0,0 +1,5 @@
+---
+"@wso2is/console": patch
+---
+
+Fix issue for getting unauthorized for users without tenant association
diff --git a/apps/console/src/hooks/use-routes.tsx b/apps/console/src/hooks/use-routes.tsx
@@ -42,6 +42,7 @@ import { getAppViewRoutes } from "../configs/routes";
 export type useRoutesInterface = {
     filterRoutes: (
         onRoutesFilterComplete: () => void,
+        isUserTenantless: boolean,
         isFirstLevelOrg?: boolean
     ) => void;
 };
@@ -67,11 +68,12 @@ const useRoutes = (): useRoutesInterface => {
      * Filter the routes based on the user roles and permissions.
      *
      * @param onRoutesFilterComplete - Callback to be called after the routes are filtered.
+     * @param isUserTenantless - Indicates whether the user have any associated tenant.
      * @param isFirstLevelOrg - Is the current organization the first level organization.
      *
      * @returns A promise containing void.
      */
-    const filterRoutes = async (onRoutesFilterComplete: () => void): Promise<void> => {
+    const filterRoutes = async (onRoutesFilterComplete: () => void, isUserTenantless: boolean): Promise<void> => {
         if (
             isEmpty(allowedScopes) ||
             !featureConfig.applications ||
@@ -154,7 +156,7 @@ const useRoutes = (): useRoutesInterface => {
             dispatch(setDeveloperVisibility(false));
         }
 
-        if (sanitizedAppRoutes.length < 1) {
+        if (sanitizedAppRoutes.length < 1 && !isUserTenantless) {
             history.push({
                 pathname: AppConstants.getPaths().get("UNAUTHORIZED"),
                 search:

diff --git a/apps/console/src/protected-app.tsx b/apps/console/src/protected-app.tsx
@@ -117,7 +117,7 @@ export const ProtectedApp: FunctionComponent<AppPropsInterface> = (): ReactEleme
 
     const [ renderApp, setRenderApp ] = useState<boolean>(false);
     const [ routesFiltered, setRoutesFiltered ] = useState<boolean>(false);
-    const [ isRedirectingToTenantCreation, setRedirectingToTenantCreation ] = useState<boolean>(false);
+    const [ isUserTenantless, setIsUserTenantless ] = useState(undefined);
 
     useEffect(() => {
         dispatch(
@@ -232,10 +232,11 @@ export const ProtectedApp: FunctionComponent<AppPropsInterface> = (): ReactEleme
                         ? AppConstants.getAppHomePath()
                         : AuthenticationCallbackUrl;
 
+                setIsUserTenantless(false);
                 history.push(location);
             } else {
-                // If there is no assocation, the user should be redirected to creation flow.
-                setRedirectingToTenantCreation(true);
+                // If there is no association, the user should be redirected to creation flow.
+                setIsUserTenantless(true);
                 history.push({
                     pathname: AppConstants.getPaths().get(
                         "CREATE_TENANT"
@@ -350,12 +351,12 @@ export const ProtectedApp: FunctionComponent<AppPropsInterface> = (): ReactEleme
     }, [ state.isAuthenticated ]);
 
     useEffect(() => {
-        if (!state.isAuthenticated || isRedirectingToTenantCreation) {
+        if (!state.isAuthenticated || isUserTenantless === undefined) {
             return;
         }
 
-        filterRoutes(() => setRoutesFiltered(true), isFirstLevelOrg);
-    }, [ filterRoutes, state.isAuthenticated, isFirstLevelOrg, isRedirectingToTenantCreation ]);
+        filterRoutes(() => setRoutesFiltered(true), isUserTenantless, isFirstLevelOrg);
+    }, [ filterRoutes, state.isAuthenticated, isFirstLevelOrg, isUserTenantless ]);
 
     return (
         <SecureApp