We are adding a second instance (possibly more) to our app for data sovereignty reasons, but don’t want to complicate the native and web apps with an instance selector, or separate versions of the apps on the app stores since it should be transparent to the customers.
We are not sure if the best way to manage this is to add a claim that a reverse proxy can use to route traffic, or whether we should add an audience to the user’s token dynamically.
We could just add request tokens for each api, but then we won’t know which URI to use on the client and would need to do additional checks in the API.
Which of these scenarios is easier/more maintainable? Is there a third, better option we should be using instead?