In my company, we have 3 tenants, one for each environment (dev, stage, prod). The auth URL for the tenants are like https://mycompany-dev.eu.auth0.com , etc. We just discovered that we can send password grant requests to https://mycompany-prod.eu.auth0.com , with a client ID from the dev tenant. H…

Auth0 client can authenticate to another tenant??

ieuan.jenkins June 3, 2020, 12:31pm 2

Sounds like the same issue we’ve encountered here:

1 Like

Topic		Replies	Views
Auth0 not respecting multi-tenancy Get Help jwt , api , multi-tenant	3	3386	March 24, 2020
Tenants are not isolated by domain (URL)? Get Help url , tenant , domains	3	4909	February 9, 2019
Logs in multi tenant application Get Help jwt , auth0 , hooks	0	1436	December 27, 2022
Safety of multi-tenant app and authorization Get Help jwt , id_token , multi-tenant	1	3281	August 6, 2019
Handling Multi Tenancy + Multiple Customer Facing Environments Get Help multi-tenant	5	3709	May 26, 2021