Hello,
I have a working tenant 1 which has :
- one application configured
- one DB of users created in auth0.
- one custom domain and an API created.
Everything works properly and we can use the authentication part.
Based on this DB created, we want to have another 2 authentication flows
(for dev & staging) using the same DB from tenant 1, but we don’t want to
have access across all flows( ex: being logged in to prod, to not have
access to dev or staging).
From what I have tried creating 2 applications on the same tenant maintain
the accessibility from one app to another.
Having multiple tenants I cannot use the same DB ( or i didn’t found a solution for this maybe a guideline will be great).
It’s possible to use the same auth0 DB on multiple tenants to have different accessToken by env? Or is possible to create some condition on the same tenant to generate different acessTokens for each application?
Kind regards,
Nicu
Hi @nicu.campian
First, why do you need to use production user credentials in staging and dev? This is probably not a good idea.
But if you really want to, there’s a couple of ways to do this.
You can host your credentials in an external database and use an Auth0 Custom Database (with scripts) to access the external database. The external database could then be shared across multiple tenants, but logging in to Prod does not automatically log you in to Staging. See here:Create Custom Database Connections
The drawback is you are now hosting passwords and must be responsible for handling them safely.
You can also have the Prod tenant have the database and use an Auth0 Custom Database in staging and dev to connect to the prod tenant. With this approach, you are not hosting passwords. But, each login in Dev or Staging will count twice against your MAU total, as you log in to Dev, and that uses the custom DB connection to log into prod. If you are doing a lot of logins from dev and staging (with different users) then this will impact you.
John
Hi John,
Thanks for reply, yes the Custom Database Connection will not work for us, since is a security concern. Can you elaborate more the second approach? How can i login from dev or staging to prod, regardless of MAU.
Kind regards,
Nicu
Hi @nicu.campian
To do the second approach, you just use ROPG (resource owner password grant) against the production tenant. See the docs here for ROPG:
https://auth0.com/docs/api/authentication#resource-owner-password
It is done via custom DB as well.
John