2fa policy check working

src/app/auth/resource/[resourceGuid]/page.tsx

@@ -22,6 +22,8 @@ import { headers } from "next/headers";
 import { GetLoginPageResponse } from "@server/routers/loginPage/types";
 import { GetOrgTierResponse } from "@server/routers/billing/types";
 import { TierId } from "@server/lib/billing/tiers";
+import { CheckOrgUserAccessResponse } from "@server/routers/org";
+import OrgPolicyRequired from "@app/components/OrgPolicyRequired";
 
 export const dynamic = "force-dynamic";
 
@@ -136,6 +138,34 @@ export default async function ResourceAuthPage(props: {
         );
     }
 
+    const cookie = await authCookieHeader();
+
+    // Check org policy compliance before proceeding
+    let orgPolicyCheck: CheckOrgUserAccessResponse | null = null;
+    if (user && authInfo.orgId) {
+        try {
+            const policyRes = await internal.get<
+                AxiosResponse<CheckOrgUserAccessResponse>
+            >(`/org/${authInfo.orgId}/user/${user.userId}/check`, cookie);
+
+            orgPolicyCheck = policyRes.data.data;
+        } catch (e) {
+            console.error(formatAxiosError(e));
+        }
+    }
+
+    // If user is not compliant with org policies, show policy requirements
+    if (orgPolicyCheck && !orgPolicyCheck.allowed && orgPolicyCheck.policies) {
+        return (
+            <div className="w-full max-w-md">
+                <OrgPolicyRequired
+                    orgId={authInfo.orgId}
+                    policies={orgPolicyCheck.policies}
+                />
+            </div>
+        );
+    }
+
     if (!hasAuth) {
         // no authentication so always go straight to the resource
         redirect(redirectUrl);
@@ -151,7 +181,7 @@ export default async function ResourceAuthPage(props: {
             >(
                 `/resource/${authInfo.resourceId}/get-exchange-token`,
                 {},
-                await authCookieHeader()
+                cookie
             );
 
             if (res.data.data.requestToken) {