I want to thank you for your time. I have reviewed the docs but am not sure of the best practice for this specific scenario. I currently have a website that does its own Authentication/Authorization, storing credentials in a DB. I can't migrate the existing site to Auth0 as there are a bunch of other ramifications. I also have a brand new API which I want to secure using Auth0.
Basically I want to be able to filter all Application DB calls within the API based on the current caller's Tenant, but do not want to have them authenticate twice: once against the existing DB and secondly for API access.
Here is the flow: User logs into website > username/pass in DB authenticates > associates TenantID for that user > Web site code calls tenant specific DB based on tenant Claim. We are adding a new REST API but do not want to use the same auth mechanism, hence Auth0. There will be a subset of pages in the site calling the new API, but we want the API to be aware of Tenant but authenticate using Auth0. There is a single backend but we want to filter all DB calls based on a Tenant Identifier.
Any advice would be greatly appreciated.