A simple question of design on which is the correct way of implementing multi application login.
In my recent project i have a scenario where two applications (multiple applications in future) requires different logins. I am using Password-Flow strategy. I made it to work but i do not know whether this is the correct way.
- I created an Application (App-A) with 1 API (Api-A).
- When user login using App-A (backend service called different application in Auth0 based on which backend service the user has called). Following successfull login Auth0 It generates a custom token for App-A and sends it to the user.
- Similarly i also created an another Application (App-B) with 1 API (Api-B).
- Similar to the previous one i called different login service in Auth0 based on which application the user login in from.
- I have a common custom DB connection, and also in the server the information about the user is in the same database table. But the only difference is based on different login application jwt tokens will have different information added to it.
Question:
- Do i create a new Auth0 database connection for different Auth0 application (same tennant) because on login query (Custom Database) i ask for different information which in-turn is added into app/user metadata.
- The above step is to enable me to create a customised jwt-token for different applications.
- Are the above steps the correct way of building when we have multiple application login using Auth0.
- I also have custom library (Actions → Library → Custom library) to create tokens for different application (get those info from app/user metadata). I have a question, can actions be added to different application in Auth0 or is for the whole tennant. i.e Since i have different application in Auth0 to support different logins, is it possible to attach different actions (in my case post login for creating custom token) based on which application calls the login service. Any leads will be much appreciated.