The authenticated user from the previous step is not passed to the custom authentication service engaged in a second step when it comes to sub orgs #23298

Open
malithie opened this issue Feb 27, 2025 · 0 comments


@malithie
Member

Description

2FA custom authentication extensions are designed such that they can be engaged only at a second step or later in the authentication flow.
And for user authentication these authenticators rely on the user passed in the request from IS to the authentication service.

```json
{
  "actionType": "AUTHENTICATION",
  ...
  "user": {
    "id": "9f1ab106-ce85-46b1-8f41-6a071b54eb56",
    "sub": "[email protected]",
    "userIdentitySource": "LOCAL"
  },
  ...
}
```

However, when it comes to sub org level login flow, this user object is not communicated in the request for the authentication service that gets engaged in the second step.
And if the authenticator is a 2FA authenticator, then it has no means to resolve the user.

Steps to Reproduce

  1. Create an app in root and share with sub orgs.
  2. Create a sub org, and create a local, 2FA custom authenticator in the sub org
  3. In the app login flow engage the authenticator in the second step (Use basic or any other authenticator in the first step)
  4. Note as the authenticator in the second step gets engaged it does not receive the user property in the request

Version

IS 7.1

Environment Details (with versions)

No response
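Added example, not part of the issue or of the project's code: a sketch of how an external 2FA authentication service can fail closed when the request lacks the `user` object described above. The function names, the sample requests and the returned decision dictionary are hypothetical; only `actionType`, `user`, `id`, `sub` and `userIdentitySource` come from the issue.

```python
import json

# Constructed sample requests, using only the fields shown in the issue.
ROOT_ORG_REQUEST = json.dumps({
    "actionType": "AUTHENTICATION",
    "user": {
        "id": "9f1ab106-ce85-46b1-8f41-6a071b54eb56",
        "sub": "user@example.com",  # constructed placeholder value
        "userIdentitySource": "LOCAL",
    },
})
SUB_ORG_REQUEST = json.dumps({"actionType": "AUTHENTICATION"})  # no "user"


class UnresolvedUser(Exception):
    """The request does not identify the user from the earlier step."""


def resolve_previous_step_user(raw_body):
    """Return the user object from the request, or raise UnresolvedUser."""
    try:
        body = json.loads(raw_body)
    except (TypeError, ValueError) as exc:
        raise UnresolvedUser("request body is not valid JSON") from exc
    if not isinstance(body, dict) or body.get("actionType") != "AUTHENTICATION":
        raise UnresolvedUser("not an AUTHENTICATION request")
    user = body.get("user")
    if not isinstance(user, dict):
        raise UnresolvedUser("request carries no user object")
    user_id = user.get("id")
    if not isinstance(user_id, str) or not user_id.strip():
        raise UnresolvedUser("user object has no id")
    return user


def handle_second_factor(raw_body):
    """Hypothetical handler: challenge only a user named by the request."""
    try:
        user = resolve_previous_step_user(raw_body)
    except UnresolvedUser as exc:
        # Fail closed: never fall back to asking for or guessing an identity.
        return {"decision": "reject", "reason": str(exc)}
    return {"decision": "challenge", "userId": user["id"]}
```

Logging the `reason` value on the service side makes requests affected by this issue easy to spot while testing a sub-organization login flow.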
