Hi, this is a great start to the feature set, and I’m looking forward to seeing what else can be done with it.
I’m wondering whether it would be possible to embed a user’s organization IDs into a JWT authorization token. One of the real advantages of switching from our current organization management implementation to Auth0’s would be to remove the requirement for an additional look-up on this information when doing resource-based authorization. So “Does this authenticated entity (user, application, etc.) have access to this org’s data?” is a question we want to answer not just at authentication time but at authorization time as well.
And along those lines, are there any plans in the works for associating an Auth0 “Application” with an Auth0 “Organization”? We leverage Auth0 to federate M2M access for our clients’ applications, and if we migrated to Auth0 organizations, it would be nice to have consistency across user access and machine access.
Thanks!
Jacob