My client has 2 applications (react SPAs + node apis). For the second application we have used auth0 to store our users. Now I am needing to migrate the first applications users to auth0, which is no problem.
My issue is the users can be associated to one or many companies. I’m trying to figure out the best way to handle this. My initial solutions are
- use auth0 organizations - this seemed overkill to me
- use authorization extension and groups - this didn’t seem like the right tool to me. groups seemed more like groups of users under a single company.
- have a separate DB that housed the companies and which companies were tied to which users.
- tying users to companies through user metadata - this sort of made sense to me, but I’m unsure how I would store company metadata like company name.
I guess I am kind of leaning towards #3 with a separate DB and probably a separate API to manage that DB that can be used by both applications.
Is there an approach or auth0 tool I am missing? Or is this a common approach for this situation.
Thank you very much