In my company, we have 3 tenants, one for each environment (dev, stage, prod). The auth URL for the tenants are like https://mycompany-dev.eu.auth0.com , etc. We just discovered that we can send password grant requests to https://mycompany-prod.eu.auth0.com , with a client ID from the dev tenant. H…

Auth0 client can authenticate to another tenant??

ieuan.jenkins June 3, 2020, 12:31pm 2

Sounds like the same issue we’ve encountered here:

1 Like

Topic		Replies	Views
Auth0 not respecting multi-tenancy Get Help jwt , api , multi-tenant	3	3414	March 24, 2020
Cross domain authentication using the password grant flow Get Help authentication-api , password-grant , security-questions	2	4195	August 20, 2019
Multitenant application - identifying the tenant during login Get Help	2	13090	September 6, 2018
Tenants are not isolated by domain (URL)? Get Help url , tenant , domains	3	4923	February 9, 2019
Auth0Lock one tenant works other don't Get Help jwt	4	3015	April 10, 2019