Different type of users that can overlap

Help
,
1

Hi :),

I am evaluating Auth0 but having a hard time understanding how I should model my app. To keep it simple, we have “merchants” and “customers” user types.

Merchants are able to create their own account and create offers. They have access to their own admin on separate URL.
On the other hand, customers can also create their own account and subscribe to those offers. They have their own admin URL.

However, a merchant who create their account “test@gmail.com” should also be able to create their own, distinct account as a customer (where they would also use the test@gmail.com email).

A merchant who created their account can’t access as a “customer” unless they create a different account, and vice-versa.

However, both users actually interact with the same API (and I would like to dissociate, based on the JWT token, the “type” of user).

From what I understand, the only approach here would be create two tenants: one “merchant” and one “customers”. I thought of using one tenant only, and create two applications, but if a user is created, they will be have an account for both, correct?

Sorry if those questions sound stupid, but the documentation is really complex, I’m a bit lost between all the concepts.

2

I did some more research but I have been even more confused now. I found that another approach possible would be to create two API (for instance “Merchant” and “Customer”). When doing the authorization for one or the other this would return a different JWT token allowing me to figure out if the user is being logged as a merchant or a customer.

The issue is that creating two API requires to set two endpoints, but in my case they are the same.

Would actually creating two applications (Merchant/Customer) with one API is the valid approach here? And then feeding a different clientID when authenticating?

EDIT: I somehow managed to make this work, but the issue is that if a user registers first as a “customer”, and later on decide to create an account as a “merchant”, they will automatically be identified as the customer URL (probably they want to use a different email, maybe their business one ; rather than their personal one). So I think that in this use case where the two users are vastly different, the multi-tenants approach is correct,no?