I’m confused as to how best to use Auth0 to implement the following multi-tenant scenario:
- User logs in with Native App (WPF application) and is logged into specific tenant (or given a list if more than one available)
- Native App can call the API to make requests. The API verifies that the user should have access to this tenant.
The API must of course be able to tell what tenants the user can interact with (the current tenant could be called using a host such as tenant1.somecompany.com, but then the API needs to know that the current token is valid for tenant1).
Using the OIDC client and not explicitly specifying an audience, I can log in to the native client and look at the groups claim to determine what tenants the user is allowed to access, but the access token returned isn’t valid for the API. If I specify the API as the audience, I get a valid access token and can call the API, but there is no claim information as to what tenants the user is allowed to access and what permissions they have.
This article has some information but doesn’t describe a multi tenant scenario: mobile api
I’m really not even sure if an API is what I want for this scenario; the documentation is a little confusing. Essentially I want to create a multi-tenant ASP.NET API with a WPF frontend.
I hope that makes sense… feel free to ask if I haven’t clarified something.
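
The API-side check described in the question, where the token must be valid for the tenant named in the request host, could look like the following. This is an added example, not part of the original post and not Auth0's code; the claim type `https://somecompany.com/tenants`, the class names and the sample principal are assumptions, and the access token is assumed to have already been validated (signature, issuer, audience) before this runs.

```csharp
#nullable enable
using System;
using System.Linq;
using System.Security.Claims;

public static class TenantAuthorization
{
    // Assumption: one claim per permitted tenant under this hypothetical claim type;
    // the post does not say how tenant membership reaches the access token.
    public const string TenantClaimType = "https://somecompany.com/tenants";
    private const string BaseDomain = ".somecompany.com";

    // Returns "tenant1" for "tenant1.somecompany.com"; null unless the host is
    // exactly one DNS label in front of the base domain.
    public static string? TenantFromHost(string? host)
    {
        if (string.IsNullOrWhiteSpace(host)) return null;
        host = host.Trim().ToLowerInvariant();
        int colon = host.LastIndexOf(':');               // drop an optional ":port"
        if (colon >= 0) host = host.Substring(0, colon);
        host = host.TrimEnd('.');                        // tolerate a trailing root dot
        if (!host.EndsWith(BaseDomain, StringComparison.Ordinal)) return null;
        string label = host.Substring(0, host.Length - BaseDomain.Length);
        bool valid = label.Length > 0 && label.Length <= 63 &&
            label.All(c => (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '-');
        return valid ? label : null;
    }

    // True only when the validated principal lists the tenant named by the host.
    public static bool IsAllowed(ClaimsPrincipal user, string? host)
    {
        string? tenant = TenantFromHost(host);
        if (tenant is null || user.Identity?.IsAuthenticated != true) return false;
        return user.FindAll(TenantClaimType)
                   .Any(c => string.Equals(c.Value, tenant, StringComparison.OrdinalIgnoreCase));
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample principal standing in for a validated access token.
        var user = new ClaimsPrincipal(new ClaimsIdentity(new[] {
            new Claim(TenantAuthorization.TenantClaimType, "tenant1"),
            new Claim(TenantAuthorization.TenantClaimType, "tenant3") }, "Bearer"));
        foreach (var host in new[] { "tenant1.somecompany.com", "TENANT3.somecompany.com:443",
                 "tenant2.somecompany.com", "tenant1.somecompany.com.example.net" })
            Console.WriteLine($"{host} -> {TenantAuthorization.IsAllowed(user, host)}");
    }
}
```

The first two constructed hosts are accepted and the last two are rejected: `tenant2` is not among the token's tenant claims, and the fourth host only starts with an allowed tenant name without ending in the base domain.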