adobe · telegrapher · Apr 1, 2026 · Apr 1, 2026
diff --git a/cmd/authz/client.go b/cmd/authz/client.go
@@ -39,6 +39,7 @@ func ClientCredentialsCmd(imsConfig *ims.Config) *cobra.Command {
 	cmd.Flags().StringVarP(&imsConfig.ClientID, "clientID", "c", "", "IMS client ID.")
 	cmd.Flags().StringVarP(&imsConfig.ClientSecret, "clientSecret", "p", "", "IMS client secret.")
 	cmd.Flags().StringSliceVarP(&imsConfig.Scopes, "scopes", "s", []string{}, "Scopes to request.")
+	cmd.Flags().StringVarP(&imsConfig.Organization, "organization", "o", "", "IMS Organization.")
 
 	return cmd
 }
diff --git a/cmd/integration_test.go b/cmd/integration_test.go
@@ -522,6 +522,41 @@ func TestCommandSpecific_AdminGuidAuthSrc(t *testing.T) {
 	}
 }
 
+func TestCommandSpecific_ClientCredentialsOrgID(t *testing.T) {
+	srv, rlog := newMockIMS(t)
+	empty := writeConfigFile(t, "")
+	_, _, err := execCmd(t, "authorize", "clientCredentials",
+		"--url", srv.URL, "--configFile", empty,
+		"--clientID", "cid",
+		"--clientSecret", "sec",
+		"--scopes", "openid",
+		"--organization", "my-org")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	got := rlog.capturedRequest
+	if got.Form["org_id"] != "my-org" {
+		t.Errorf("org_id = %q, want %q", got.Form["org_id"], "my-org")
+	}
+}
+
+func TestCommandSpecific_ClientCredentialsNoOrgID(t *testing.T) {
+	srv, rlog := newMockIMS(t)
+	empty := writeConfigFile(t, "")
+	_, _, err := execCmd(t, "authorize", "clientCredentials",
+		"--url", srv.URL, "--configFile", empty,
+		"--clientID", "cid",
+		"--clientSecret", "sec",
+		"--scopes", "openid")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	got := rlog.capturedRequest
+	if _, ok := got.Form["org_id"]; ok {
+		t.Errorf("org_id should not be present in request, got %q", got.Form["org_id"])
+	}
+}
+
 // ---------- 6. API version flags ----------
 
 func TestAPIVersion_Routing(t *testing.T) {

diff --git a/go.mod b/go.mod
@@ -15,7 +15,7 @@ go 1.23.0
 toolchain go1.26.1
 
 require (
-	github.com/adobe/ims-go v0.20.0
+	github.com/adobe/ims-go v0.21.0
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c
 	github.com/spf13/cobra v1.10.2
 	github.com/spf13/viper v1.21.0

diff --git a/go.sum b/go.sum
@@ -1,5 +1,7 @@
 github.com/adobe/ims-go v0.20.0 h1:M1OyF9xWLgsTVGbZ+c+G0EbPGpPhXQiPuLEdanNyaRo=
 github.com/adobe/ims-go v0.20.0/go.mod h1:zGpx0ylsumBjkgd8fYgzJ8+Ci/zFABiBTAxbCscsyR8=
+github.com/adobe/ims-go v0.21.0 h1:Y0uBT0Fho54ZXhVY0wvT6FUGrM3OEg4J4aJb0fUQdKQ=
+github.com/adobe/ims-go v0.21.0/go.mod h1:zGpx0ylsumBjkgd8fYgzJ8+Ci/zFABiBTAxbCscsyR8=
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=

diff --git a/ims/authz_client.go b/ims/authz_client.go
@@ -50,6 +50,7 @@ func (i Config) AuthorizeClientCredentials() (string, error) {
 		ClientSecret: i.ClientSecret,
 		Scope:        i.Scopes,
 		GrantType:    "client_credentials",
+		OrgID:        i.Organization,
 	})
 	if err != nil {
 		return "", fmt.Errorf("error requesting token: %w", err)