Allow autoMapOrg to work when the user has multiple org memberships #13

Open
t83714 opened this issue Aug 18, 2023 · 0 comments

t83714 commented Aug 18, 2023

Allow autoMapOrg to work when the user has multiple org memberships

We currently rely on the org_name claim to auto-map the user's org to a Magda org.

When a user has multiple org memberships, the IdP should show an org selection screen after the correct credentials are supplied by the user, and the user is required to select one org to complete the sign-in process.

In this case, the org_name claim of the user's ID token would be the name of the org that the user selects during the sign-in process.

For this OIDC auth plugin, we have two options to handle this situation:

  • Option 1: update the orgUnitId field of the relevant Magda user record on the user's every sign-in.
    • We will only need to maintain one Magda user record, with orgUnitId changing depending on the user's selection.
    • Magda doesn't store all the information about the user, e.g. we only know the user is associated with an org at any point in time.
  • Option 2: map the user's multiple org memberships to multiple Magda user records.
    • When the user selects a different org, he actually signs into a different Magda account.
    • We actually maintain multiple Magda user records for one IdP user. But Magda does store all the information about the user.

Option 2 might be the preferred solution as it allows Magda to generate a full picture of the user without querying the IdP.
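
The two options above, modelled as an added sketch (not part of the original issue and not Magda's or the plugin's code). `UserStore`, the `signIn*` functions, the org names, the org-unit ids and the issuer URL are all hypothetical, and the sketch assumes the ID token carries the standard `iss` and `sub` claims alongside `org_name`.

```typescript
// Added sketch: hypothetical in-memory model, not Magda's or the plugin's API.
type Claims = { iss: string; sub: string; org_name: string };
type UserRecord = { id: number; idpKey: string; orgUnitId: string };

// Constructed result of the org_name -> Magda org unit auto-mapping.
const ORG_UNITS = new Map<string, string>([["Org A", "ou-a"], ["Org B", "ou-b"]]);

class UserStore {
  private records = new Map<string, UserRecord>();
  private nextId = 1;
  // Create the record for idpKey, or overwrite its orgUnitId if it exists.
  upsert(idpKey: string, orgUnitId: string): UserRecord {
    const existing = this.records.get(idpKey);
    if (existing) { existing.orgUnitId = orgUnitId; return existing; }
    const created: UserRecord = { id: this.nextId++, idpKey, orgUnitId };
    this.records.set(idpKey, created);
    return created;
  }
  all(): UserRecord[] { return Array.from(this.records.values()); }
}

// Fail closed: an org_name with no mapping must not fall back to some default org.
function resolveOrgUnit(claims: Claims): string {
  const orgUnitId = ORG_UNITS.get(claims.org_name);
  if (orgUnitId === undefined) throw new Error("unmapped org_name: " + claims.org_name);
  return orgUnitId;
}

// Option 1: one record per IdP user (iss + sub); orgUnitId follows the last selection.
function signInOption1(store: UserStore, c: Claims): UserRecord {
  return store.upsert(JSON.stringify([c.iss, c.sub]), resolveOrgUnit(c));
}

// Option 2: one record per (IdP user, selected org). JSON-encoding the tuple keeps
// keys unambiguous even if a claim value contains a separator character.
function signInOption2(store: UserStore, c: Claims): UserRecord {
  return store.upsert(JSON.stringify([c.iss, c.sub, c.org_name]), resolveOrgUnit(c));
}

// The same IdP user signs in twice, selecting a different org each time.
function demo(): { option1: UserRecord[]; option2: UserRecord[] } {
  const asOrgA: Claims = { iss: "https://idp.example", sub: "user-1", org_name: "Org A" };
  const asOrgB: Claims = { ...asOrgA, org_name: "Org B" };
  const s1 = new UserStore();
  const s2 = new UserStore();
  for (const c of [asOrgA, asOrgB]) { signInOption1(s1, c); signInOption2(s2, c); }
  return { option1: s1.all(), option2: s2.all() };
}
```

In this sketch Option 1 ends with a single record whose orgUnitId is the last org selected, while Option 2 ends with one record per selected org.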
