In my company, we have 3 tenants, one for each environment (dev, stage, prod). The auth URL for the tenants are like https://mycompany-dev.eu.auth0.com , etc. We just discovered that we can send password grant requests to https://mycompany-prod.eu.auth0.com , with a client ID from the dev tenant. H…

Auth0 client can authenticate to another tenant??

ieuan.jenkins June 3, 2020, 12:31pm 2

Sounds like the same issue we’ve encountered here:

1 Like

Topic		Replies	Views
Auth0 not respecting multi-tenancy Get Help jwt , api , multi-tenant	3	3419	March 24, 2020
Cross domain authentication using the password grant flow Get Help authentication-api , password-grant , security-questions	2	4204	August 20, 2019
Auth0 cli unable to login with different tenant Get Help management-api , tenants	1	379	May 29, 2024
Multitenant application - identifying the tenant during login Get Help	2	13155	September 6, 2018
Tenants are not isolated by domain (URL)? Get Help url , tenant , domains	3	4924	February 9, 2019