fix: clarify IdP validation messages across policy flows

Bumps the dev-minor-updates group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@dotenvx/dotenvx](https://github.com/dotenvx/dotenvx) | `1.69.1` | `1.71.3` |
| [@react-email/ui](https://github.com/resend/react-email/tree/HEAD/packages/ui) | `6.5.0` | `6.6.0` |
| [@tanstack/react-query-devtools](https://github.com/TanStack/query/tree/HEAD/packages/react-query-devtools) | `5.100.14` | `5.101.0` |
| [esbuild-node-externals](https://github.com/pradel/esbuild-node-externals) | `1.22.0` | `1.23.1` |
| [eslint](https://github.com/eslint/eslint) | `10.4.0` | `10.5.0` |
| [react-email](https://github.com/resend/react-email/tree/HEAD/packages/react-email) | `6.5.0` | `6.6.0` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.60.0` | `8.61.0` |



Updates `@dotenvx/dotenvx` from 1.69.1 to 1.71.3
- [Release notes](https://github.com/dotenvx/dotenvx/releases)
- [Changelog](https://github.com/dotenvx/dotenvx/blob/main/CHANGELOG.md)
- [Commits](https://github.com/dotenvx/dotenvx/compare/v1.69.1...v1.71.3)

Updates `@react-email/ui` from 6.5.0 to 6.6.0
- [Release notes](https://github.com/resend/react-email/releases)
- [Changelog](https://github.com/resend/react-email/blob/canary/packages/ui/CHANGELOG.md)
- [Commits](https://github.com/resend/react-email/commits/@react-email/ui@6.6.0/packages/ui)

Updates `@tanstack/react-query-devtools` from 5.100.14 to 5.101.0
- [Release notes](https://github.com/TanStack/query/releases)
- [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query-devtools/CHANGELOG.md)
- [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query-devtools@5.101.0/packages/react-query-devtools)

Updates `esbuild-node-externals` from 1.22.0 to 1.23.1
- [Release notes](https://github.com/pradel/esbuild-node-externals/releases)
- [Commits](https://github.com/pradel/esbuild-node-externals/compare/esbuild-node-externals-v1.22.0...esbuild-node-externals-v1.23.1)

Updates `eslint` from 10.4.0 to 10.5.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v10.4.0...v10.5.0)

Updates `react-email` from 6.5.0 to 6.6.0
- [Release notes](https://github.com/resend/react-email/releases)
- [Changelog](https://github.com/resend/react-email/blob/canary/packages/react-email/CHANGELOG.md)
- [Commits](https://github.com/resend/react-email/commits/react-email@6.6.0/packages/react-email)

Updates `typescript-eslint` from 8.60.0 to 8.61.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.61.0/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: "@dotenvx/dotenvx"
  dependency-version: 1.71.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-minor-updates
- dependency-name: "@react-email/ui"
  dependency-version: 6.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-minor-updates
- dependency-name: "@tanstack/react-query-devtools"
  dependency-version: 5.101.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-minor-updates
- dependency-name: esbuild-node-externals
  dependency-version: 1.23.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-minor-updates
- dependency-name: eslint
  dependency-version: 10.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-minor-updates
- dependency-name: react-email
  dependency-version: 6.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-minor-updates
- dependency-name: typescript-eslint
  dependency-version: 8.61.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-minor-updates
...

Signed-off-by: dependabot[bot] <support@github.com>

package.json

@@ -136,11 +136,11 @@
         "zod-validation-error": "5.0.0"
     },
     "devDependencies": {
-        "@dotenvx/dotenvx": "1.69.1",
+        "@dotenvx/dotenvx": "1.71.3",
         "@esbuild-plugins/tsconfig-paths": "0.1.2",
-        "@react-email/ui": "^6.5.0",
-        "@tailwindcss/postcss": "4.3.1",
-        "@tanstack/react-query-devtools": "5.100.14",
+        "@react-email/ui": "^6.6.0",
+        "@tailwindcss/postcss": "4.3.0",
+        "@tanstack/react-query-devtools": "5.101.0",
         "@types/better-sqlite3": "7.6.13",
         "@types/cookie-parser": "1.4.10",
         "@types/cors": "2.8.19",
@@ -151,7 +151,7 @@
         "@types/jmespath": "0.15.2",
         "@types/js-yaml": "4.0.9",
         "@types/jsonwebtoken": "9.0.10",
-        "@types/node": "25.9.3",
+        "@types/node": "25.9.1",
         "@types/nodemailer": "8.0.0",
         "@types/nprogress": "0.2.3",
         "@types/pg": "8.20.0",
@@ -165,21 +165,21 @@
         "@types/yargs": "17.0.35",
         "babel-plugin-react-compiler": "1.0.0",
         "drizzle-kit": "0.31.10",
-        "esbuild": "0.28.1",
-        "esbuild-node-externals": "1.22.0",
-        "eslint": "10.4.0",
-        "eslint-config-next": "16.2.9",
+        "esbuild": "0.28.0",
+        "esbuild-node-externals": "1.23.1",
+        "eslint": "10.5.0",
+        "eslint-config-next": "16.2.6",
         "postcss": "8.5.15",
-        "prettier": "3.8.4",
-        "react-email": "6.5.0",
-        "tailwindcss": "4.3.1",
+        "prettier": "3.8.3",
+        "react-email": "6.6.0",
+        "tailwindcss": "4.3.0",
         "tsc-alias": "1.8.17",
-        "tsx": "4.22.4",
+        "tsx": "4.22.3",
         "typescript": "6.0.3",
-        "typescript-eslint": "8.60.0"
+        "typescript-eslint": "8.61.0"
     },
     "overrides": {
-        "esbuild": "0.28.1",
+        "esbuild": "0.28.0",
         "dompurify": "3.4.0",
         "postcss": "8.5.15"
     }

server/lib/blueprints/resourcePolicies.ts

@@ -74,20 +74,33 @@ export async function updateResourcePolicies(
             const [provider] = await trx
                 .select()
                 .from(idp)
-                .innerJoin(idpOrg, eq(idpOrg.idpId, idp.idpId))
-                .where(
-                    and(
-                        eq(idp.idpId, policyData["auto-login-idp"]),
-                        eq(idpOrg.orgId, orgId)
-                    )
-                )
+                .where(eq(idp.idpId, policyData["auto-login-idp"]))
                 .limit(1);
 
             if (!provider) {
                 throw new Error(
-                    `Identity provider not found for policy '${policyNiceId}' in this organization`
+                    `Identity provider not found for policy '${policyNiceId}'`
                 );
             }
+
+            if (process.env.IDENTITY_PROVIDER_MODE === "org") {
+                const [providerOrg] = await trx
+                    .select()
+                    .from(idpOrg)
+                    .where(
+                        and(
+                            eq(idpOrg.idpId, policyData["auto-login-idp"]),
+                            eq(idpOrg.orgId, orgId)
+                        )
+                    )
+                    .limit(1);
+
+                if (!providerOrg) {
+                    throw new Error(
+                        `Identity provider not found for policy '${policyNiceId}' in this organization`
+                    );
+                }
+            }
         }
 
         // Look up the admin role

server/private/routers/policy/createResourcePolicy.ts

@@ -207,18 +207,39 @@ export async function createResourcePolicy(
             const [provider] = await db
                 .select()
                 .from(idp)
-                .innerJoin(idpOrg, eq(idpOrg.idpId, idp.idpId))
-                .where(and(eq(idp.idpId, skipToIdpId), eq(idpOrg.orgId, orgId)))
+                .where(eq(idp.idpId, skipToIdpId))
                 .limit(1);
 
             if (!provider) {
                 return next(
                     createHttpError(
                         HttpCode.INTERNAL_SERVER_ERROR,
-                        "Identity provider not found in this organization"
+                        "Identity provider not found"
                     )
                 );
             }
+
+            if (process.env.IDENTITY_PROVIDER_MODE === "org") {
+                const [providerOrg] = await db
+                    .select()
+                    .from(idpOrg)
+                    .where(
+                        and(
+                            eq(idpOrg.idpId, skipToIdpId),
+                            eq(idpOrg.orgId, orgId)
+                        )
+                    )
+                    .limit(1);
+
+                if (!providerOrg) {
+                    return next(
+                        createHttpError(
+                            HttpCode.INTERNAL_SERVER_ERROR,
+                            "Identity provider not found in this organization"
+                        )
+                    );
+                }
+            }
         }
 
         const adminRole = await db

server/routers/policy/setResourcePolicyAccessControl.ts

@@ -107,20 +107,36 @@ export async function setResourcePolicyAccessControl(
             const [provider] = await db
                 .select()
                 .from(idp)
-                .innerJoin(idpOrg, eq(idpOrg.idpId, idp.idpId))
-                .where(
-                    and(eq(idp.idpId, idpId), eq(idpOrg.orgId, policy.orgId))
-                )
+                .where(eq(idp.idpId, idpId))
                 .limit(1);
 
             if (!provider) {
                 return next(
                     createHttpError(
                         HttpCode.INTERNAL_SERVER_ERROR,
-                        "Identity provider not found in this organization"
+                        "Identity provider not found"
                     )
                 );
             }
+
+            if (process.env.IDENTITY_PROVIDER_MODE === "org") {
+                const [providerOrg] = await db
+                    .select()
+                    .from(idpOrg)
+                    .where(
+                        and(eq(idpOrg.idpId, idpId), eq(idpOrg.orgId, policy.orgId))
+                    )
+                    .limit(1);
+
+                if (!providerOrg) {
+                    return next(
+                        createHttpError(
+                            HttpCode.INTERNAL_SERVER_ERROR,
+                            "Identity provider not found in this organization"
+                        )
+                    );
+                }
+            }
         }
 
         // Check if any of the roleIds are admin roles