How to integrate multi-tenant app with third party application?

I built a multi-tenant SaaS application which I would like to integrate with Microsoft Flow.

I have a NodeJS backend which is registered as an API in Auth0 and an Angular SPA which is registered as an Application. User permissions are saved in the user’s app_metadata property, which is populated to the access token via a rule to then do application-layer authorization in the NodeJS backend. This works fine.

Now I would like to enable users to integrate with Microsoft Flow:

I tried this with different application types (Regular Web Application, Machine to Machine Application) and was able to authenticate. The problem is that I do not get the user’s app_metadata with the access token which I need for authorization.

I would like to know:

  1. Why does the rule not apply?
  2. Which application type should I use for a scenario like this?
  3. Should I create one application for each tenant (not talking about Auth0 tenants!)?
  4. How can I provide user/tenant information to the NodeJS backend for authorization (ideally user’s app_metadata)?
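
The backend-side check described in the question, as an added example that is not part of the original post: a NodeJS API verifies the access token, then authorizes from the app_metadata claim and fails closed when a token arrives without it. The claim namespace, the audience, and the `tenant_id` and `permissions` fields are assumptions, and the key pair and tokens are constructed test data.

```javascript
// Added example; names marked "assumed" are not from the original post.
const crypto = require('crypto');
const CLAIM = 'https://example.com/app_metadata'; // assumed namespaced claim set by the rule
const AUDIENCE = 'https://api.example.com';       // assumed API identifier
const b64url = (v) => Buffer.from(v).toString('base64url');

// Verify an RS256 JWT (signature, audience, expiry) and return its claims, or throw.
function verifyToken(token, publicKey) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== 'RS256') throw new Error('unexpected alg'); // pin the algorithm
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (![].concat(claims.aud).includes(AUDIENCE)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp * 1000 <= Date.now()) throw new Error('expired');
  return claims;
}

// Application-layer authorization. A valid token without the claim is denied, never defaulted.
function authorize(claims, tenantId, permission) {
  const meta = claims[CLAIM];
  if (!meta || typeof meta !== 'object') return { allowed: false, reason: 'no app_metadata claim' };
  if (meta.tenant_id !== tenantId) return { allowed: false, reason: 'tenant mismatch' };
  if (!Array.isArray(meta.permissions) || !meta.permissions.includes(permission)) {
    return { allowed: false, reason: 'missing permission' };
  }
  return { allowed: true, reason: 'ok' };
}

// Constructed test data: throwaway key pair and two tokens signed with it.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
function sign(claims) {
  const body = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${body}.${crypto.sign('RSA-SHA256', Buffer.from(body), privateKey).toString('base64url')}`;
}
const exp = Math.floor(Date.now() / 1000) + 300;
const userToken = sign({ sub: 'user|1', aud: AUDIENCE, exp, [CLAIM]: { tenant_id: 'acme', permissions: ['read:orders'] } });
const bareToken = sign({ sub: 'client@clients', aud: AUDIENCE, exp }); // no app_metadata claim
```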