How to integrate multi-tenant app with third party application?

I built a multi-tenant SaaS application which I would like to integrate with Microsoft Flow.

I have a NodeJS backend which is registered as an API in Auth0 and an Angular SPA which is registered as an Application. User permissions are saved in user’s app_metadata property which is populated to the access token via a rule to then do application layer authorization in the NodeJS backend. This works fine.

Now I would like to enable users to integrate with Microsoft Flow:

I tried this with different application types (Regular Web Application, Machine to Machine Application) and was able to authenticate. The problem is that I do not get the user’s app_metadata with the access token which I need for authorization.

I would like to know

  1. Why does the rule not apply?
  2. Which application type should I use for a scenario like this?
  3. Should I create one application for each tenant (not talking about Auth0 tenants!)
  4. How can I provide user/tenant information to the NodeJS backend for authorization (ideally user’s app_metadata)?

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?