I’ve reconfigured my application to be multi-tenant. It’s working well(ish), but I need to make significant improvements to managing Authorization.
I see a structure with a Tenant table, a TenantUser table, and a TenantPermission table (or maybe TenantRole) in addition to User, Permission, Role. I’d like to have the entirety of a user’s Authorization (even across multiple tenants) come back as Claims in the JWT if possible.
My question is: has anyone used Auth0 in a scenario like this? We’re using OIDC for Authentication with JWT passed in to our microservices. I believe I could extend/customize Auth0 to support our slightly more complex Authorization model, but I don’t like the idea of having extra code handling this feature outside of our normal code base.
So - any thoughts or tips from you folks who have done this?
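The model described in the post, as an added example that is not part of the original post: a user's memberships across tenants are collapsed into one custom claim, and a microservice checks a request against it with deny-by-default. The claim name, table rows, role names and function names are constructed assumptions, and the check assumes the JWT's signature, issuer, audience and expiry were already validated.

```python
from collections import defaultdict

# Hypothetical namespaced custom claim name (assumption, not an Auth0 default).
TENANTS_CLAIM = "https://example.com/tenants"

# Constructed rows standing in for the TenantUser / TenantRole tables.
TENANT_USER_ROLES = [  # (tenant_id, user_id, role)
    ("acme", "u1", "admin"),
    ("globex", "u1", "viewer"),
    ("globex", "u2", "admin"),
]
# Constructed role -> permission mapping (Role / Permission tables).
ROLE_PERMISSIONS = {
    "admin": {"invoice:read", "invoice:write"},
    "viewer": {"invoice:read"},
}

def build_tenant_claims(user_id):
    """Collapse every tenant membership of one user into a single claim."""
    acc = defaultdict(lambda: {"roles": set(), "permissions": set()})
    for tenant_id, uid, role in TENANT_USER_ROLES:
        if uid == user_id:
            acc[tenant_id]["roles"].add(role)
            acc[tenant_id]["permissions"] |= ROLE_PERMISSIONS.get(role, set())
    # Sorted lists keep the claim JSON-serializable and deterministic.
    return {TENANTS_CLAIM: {t: {k: sorted(v) for k, v in entry.items()}
                            for t, entry in acc.items()}}

def is_authorized(claims, tenant_id, permission):
    """Deny by default. `claims` must come from an already-verified token.

    tenant_id is the tenant the request targets (for example from the
    route); it is trusted only if the token itself lists that tenant.
    """
    tenants = claims.get(TENANTS_CLAIM)
    if not isinstance(tenants, dict):
        return False  # claim missing or malformed
    entry = tenants.get(tenant_id)
    if not isinstance(entry, dict):
        return False  # user is not a member of the requested tenant
    perms = entry.get("permissions")
    return isinstance(perms, list) and permission in perms

if __name__ == "__main__":
    claims = build_tenant_claims("u1")
    print(claims)
    print(is_authorized(claims, "acme", "invoice:write"))    # admin in acme
    print(is_authorized(claims, "globex", "invoice:write"))  # viewer in globex
```

Claims are a snapshot taken when the token is issued, so a membership removed from the tables stays effective in the services until the token expires.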