A question about implementing multi tenancy with the multiple connections strategy.
When a user wants to log in to my product, I ask him for a tenant name (e.g. acme).
Let’s say for simplicity that I create database connections that are named exactly like the tenant, so I go into the login flow with the database connection name acme.
After the user has authenticated in Auth0, it will return to my app with the id_token/access_token - however - these do not include the name of the connection used for authentication nor the tenant name.
How do I then know which tenant the user is from?
Seems like that whole flow is completely broken.
One main question here is: can the user potentially be part of multiple tenants or not? If he can be part of multiple tenants, and you only want to give the user one account / set of credentials for all tenants he has access to (SSO, so to speak), then you can refer to one of the approaches mentioned here:
When a user wants to login into my product, I ask him for a tenant name (e.g. acme).
Do you ask this within your application, before doing the authorization request to Auth0? Are you asking this in the form of a text input field (like in the Slack example provided in the link above?)
If so, note that you can pass this information to Auth0 as a parameter in the authorization request. Search for upstream_param or extraParams here in the forum and you’ll find examples.
Thanks, we ended up using different clients for different tenants, each of these clients with a different connection.
We also used rules & client metadata in order to send the tenant id in a signed manner in the JWT token.
This seems to be working well.
I do think that the current documentation in the area of how to implement multi tenancy is lacking and is only high level without any examples - would definitely love to see that get better.
Thanks for your answers, they were very helpful!
Roy.
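
The rule-plus-client-metadata approach described in the last post, as an added example (not code from the thread or from Auth0). It shows a rule that copies the tenant id from the client's metadata into the signed tokens, and the check the application runs on the verified claims. The claim namespace, the metadata keys tenant_id and connection, and the helper names are assumptions.

```javascript
// Added example; names marked "assumed" do not come from the thread.
const TENANT_CLAIM = 'https://example.com/tenant_id'; // assumed namespaced claim

// Auth0 Rule shape: function (user, context, callback).
// Copies the tenant id from the client's metadata into both tokens,
// so the value is covered by Auth0's signature.
function addTenantClaim(user, context, callback) {
  const meta = context.clientMetadata || {};
  const tenantId = meta.tenant_id; // assumed metadata key
  if (!tenantId) {
    // Fail closed: a client without tenant metadata must not issue tokens.
    return callback(new Error('client has no tenant_id metadata'));
  }
  // Optional cross-check (assumed metadata key "connection").
  if (meta.connection && meta.connection !== context.connection) {
    return callback(new Error('connection does not belong to this tenant'));
  }
  context.idToken = context.idToken || {};
  context.accessToken = context.accessToken || {};
  context.idToken[TENANT_CLAIM] = tenantId;
  context.accessToken[TENANT_CLAIM] = tenantId;
  return callback(null, user, context);
}

// Application side: call only with claims from a token whose signature,
// issuer and audience have already been verified.
function tenantFromClaims(claims, requestedTenant) {
  const tenantId = claims && claims[TENANT_CLAIM];
  if (typeof tenantId !== 'string' || tenantId === '') {
    throw new Error('token carries no tenant claim');
  }
  // The name typed at login is only a hint; the signed claim decides.
  if (requestedTenant !== undefined && requestedTenant !== tenantId) {
    throw new Error('token was issued for a different tenant');
  }
  return tenantId;
}

// Constructed harness standing in for the Auth0 rule runtime.
function runRule(context) {
  let result;
  addTenantClaim({ user_id: 'auth0|constructed' }, context, (err, user, ctx) => {
    result = err ? { error: err.message } : { idToken: ctx.idToken };
  });
  return result;
}
```

The application should take the tenant from the signed claim and use the name entered at login only to choose which client to start the flow with.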