Incorrect logic for generating the MyAccount URL #22378
Labels
Affected/7.1.0-m6
Severity/Minor
Type/Bug
Description
There is a util method to generate the MyAccount URL for the given organization [1]. This method gets the applications for the given organization by filtering with the MyAccount name, and the accessUrl is retrieved from the returned MyAccount application details.
If the MyAccount is not shared with the sub-orgs, the application object will be null and the URL will be built using the `ServiceURLBuilder`. Since the public URL of the application is considered within the `ServiceURLBuilder`, the generated URL is not tenant qualified. This results in a wrong URL being generated as the URL of the MyAccount for the suborg.
Sample for a generated URL
https://localhost:9443/o/11612c9f-8597-4ea2-9f94-cea233b31b90/myaccount
Sample for the correct access URL for MyAccount
https://localhost:9443/t/wso2.com/o/11612c9f-8597-4ea2-9f94-cea233b31b90/myaccount
[1] https://github.com/wso2/carbon-identity-framework/blob/master/components/identity-mgt/org.wso2.carbon.identity.mgt.endpoint.util/src/main/java/org/wso2/carbon/identity/mgt/endpoint/util/IdentityManagementEndpointUtil.java#L185
Steps to Reproduce
Create a suborg and trigger a password recovery for the suborg's login page.
In a password recovery flow, the user can return to the application once the password is reset successfully.
If the `callbackUrl` in the request is null by any chance, the user should be returned to the MyAccount. [1]
Redirected URL -
https://localhost:9443/o/11612c9f-8597-4ea2-9f94-cea233b31b90/myaccount
Displayed Error
[1] https://github.com/wso2/identity-apps/blob/247fbd8aa9ed6877bbef51f15127a7c7cb8fdc13/identity-apps-core/apps/recovery-portal/src/main/webapp/recovery.jsp#L119
Version
wso2is-7.1.0-m7
Environment Details (with versions)
No response
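The lookup-then-fallback logic described in this issue, as an added Java example that is not the carbon-identity-framework code: it contrasts a fallback that omits the tenant segment with a tenant-qualified one. The class, method names and input patterns are hypothetical, and the URL layout is assumed from the two sample URLs in the description.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Optional;
import java.util.regex.Pattern;

public class MyAccountUrlExample {

    // Hypothetical input checks: both values end up in a redirect target.
    private static final Pattern TENANT =
            Pattern.compile("[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?");
    private static final Pattern ORG_ID = Pattern.compile("[0-9a-fA-F-]{36}");

    /** Fallback as reported in the issue: organization segment only, no tenant. */
    static String fallbackWithoutTenant(String base, String orgId) {
        return base + "/o/" + orgId + "/myaccount";
    }

    /** Tenant-qualified fallback, matching the "correct access URL" sample. */
    static String fallbackTenantQualified(String base, String tenantDomain, String orgId)
            throws URISyntaxException {
        if (!TENANT.matcher(tenantDomain).matches() || !ORG_ID.matcher(orgId).matches()) {
            throw new IllegalArgumentException("Unexpected tenant domain or organization ID");
        }
        URI b = new URI(base);
        String path = "/t/" + tenantDomain + "/o/" + orgId + "/myaccount";
        // Rebuild from scheme and authority so nothing else from 'base' leaks in.
        return new URI(b.getScheme(), b.getAuthority(), path, null, null).toString();
    }

    /** Use the app's accessUrl when MyAccount is visible to the org, else fall back. */
    static String resolve(Optional<String> accessUrl, String base,
                          String tenantDomain, String orgId) throws URISyntaxException {
        if (accessUrl.isPresent()) {
            return accessUrl.get();
        }
        return fallbackTenantQualified(base, tenantDomain, orgId);
    }

    public static void main(String[] args) throws URISyntaxException {
        String base = "https://localhost:9443";                 // from the samples
        String org = "11612c9f-8597-4ea2-9f94-cea233b31b90";    // from the samples
        // MyAccount not shared with the sub-org: no application, so no accessUrl.
        System.out.println("unqualified: " + fallbackWithoutTenant(base, org));
        System.out.println("qualified:   " + resolve(Optional.empty(), base, "wso2.com", org));
    }
}
```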