Auth0 tenant by environment: How a user from UAT can access a Staging API

Hello everyone,

We would like to implement Auth0 but are looking for the best design approach.
We have 4 environments:

  • Production
  • Staging
  • UAT
  • Sandbox

From our understanding, the best practice is to have one Auth0 tenant per env, so it means having 4 Auth0 tenants. Indeed, we store some internal data in app_metadata, and it doesn’t make sense that a backoffice application can connect to the production Auth0 tenant (if we use only one tenant).
Note: We store some information from app_metadata in the JWT token.

It will work fine.

We have several applications, and some in UAT can call the Staging environment for other applications (as Staging is more stable and more reliable than UAT).

So if I can connect to UAT in our web app, we should be able to call some APIs in Staging with the same JWT token.

But I don’t think it is possible with different Auth0 tenants. Or if yes, can we do it easily? Or it is absolutely stupid.

Thanks in advance,
Alexandre

Welcome to the Auth0 Community, @alexandre.marlot!

As far as I know, you can’t do that, at least not easily, since calling two different Auth0 tenants with the same Access Token would imply two different audiences for an Access Token. (Multiple custom API audiences for the same Access Token are not supported.)

You can read more about this topic here: https://auth0.com/docs/tokens/access-tokens/get-access-tokens#control-access-token-audience
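
Added example (not part of the original thread and not Auth0's code): a minimal sketch of the checks an API makes on an access token when it trusts exactly one tenant, showing where a UAT-issued token is rejected by a Staging API. The tenant issuers, API identifiers, secrets and the `mint`/`validate` helpers are all constructed for illustration, and HS256 is an assumption made to keep it standard-library only.

```python
import base64, hashlib, hmac, json, time

# Constructed values: placeholder tenant issuers, API identifiers and demo secrets.
# Assumption: HS256 with one secret per tenant keeps this stdlib-only; Auth0 APIs
# commonly use RS256 with per-tenant keys, but the validation steps are the same.
UAT, STAGING = "https://uat-tenant.example/", "https://staging-tenant.example/"
UAT_API, STAGING_API = "https://api.uat.example", "https://api.staging.example"
TENANT_KEYS = {UAT: b"uat-demo-secret", STAGING: b"staging-demo-secret"}

def _enc(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def _dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def _sign(issuer: str, signing_input: str) -> bytes:
    return hmac.new(TENANT_KEYS[issuer], signing_input.encode(), hashlib.sha256).digest()

def mint(issuer: str, audience: str, ttl: int = 300) -> str:
    """Hypothetical stand-in for a tenant issuing an access token."""
    head = _enc(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _enc(json.dumps({"iss": issuer, "aud": audience,
                            "exp": int(time.time()) + ttl}).encode())
    return f"{head}.{body}.{_enc(_sign(issuer, f'{head}.{body}'))}"

def validate(token: str, trusted_issuer: str, api_identifier: str):
    """Checks made by an API that trusts exactly one tenant. Returns (ok, reason)."""
    try:
        head, body, sig = token.split(".")
        header, claims, raw_sig = json.loads(_dec(head)), json.loads(_dec(body)), _dec(sig)
    except ValueError:
        return False, "malformed token"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False, "malformed token"
    if header.get("alg") != "HS256":  # never let the token choose the algorithm
        return False, "unexpected alg"
    if not hmac.compare_digest(raw_sig, _sign(trusted_issuer, f"{head}.{body}")):
        return False, "bad signature"  # e.g. signed with another tenant's key
    if claims.get("iss") != trusted_issuer:
        return False, "wrong issuer"
    aud = claims.get("aud")
    if api_identifier not in (aud if isinstance(aud, list) else [aud]):
        return False, "wrong audience"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= time.time():
        return False, "expired"
    return True, "ok"

if __name__ == "__main__":
    for iss, aud in ((STAGING, STAGING_API), (UAT, UAT_API), (STAGING, UAT_API)):
        print(iss, aud, validate(mint(iss, aud), STAGING, STAGING_API))
```

In this sketch the UAT-issued token fails at the signature step before the audience is even examined, and a Staging-issued token minted for a different API identifier fails the audience check.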