fix: check tenant when creating session

CHANGELOG.md

@@ -8,6 +8,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [unreleased]
 
+- Adds new response for `/appid-<appId>/<tenantId>/recipe/session` when the user is not in the tenant
+
 ## [5.1.1]
 
 - Fixes response schema of thirdparty signInUp POST

api_spec.yaml

@@ -3161,18 +3161,27 @@ paths:
           content:
             application/json:
                 schema:
-                  type: object
-                  properties:
-                    status:
-                      $ref: '#/components/schemas/statusOK'
-                    session:
-                      $ref: '#/components/schemas/session'
-                    accessToken:
-                      $ref: '#/components/schemas/cookieInfo'
-                    refreshToken:
-                      $ref: '#/components/schemas/cookieInfo'
-                    antiCsrfToken:
-                      $ref: '#/components/schemas/token'
+                  oneOf:
+                    - type: object
+                      properties:
+                        status:
+                          $ref: '#/components/schemas/statusOK'
+                        session:
+                          $ref: '#/components/schemas/session'
+                        accessToken:
+                          $ref: '#/components/schemas/cookieInfo'
+                        refreshToken:
+                          $ref: '#/components/schemas/cookieInfo'
+                        antiCsrfToken:
+                          $ref: '#/components/schemas/token'
+
+                    - type: object
+                      properties:
+                        status: 
+                          type: string
+                          enum: ['USER_DOES_NOT_BELONG_TO_TENANT_ERROR']
+                        message:
+                          type: string
 
         '400':
           $ref: '#/components/responses/400'