Next.js Multi-tenant web app - auth0 rules vs application

madeinspace · August 24, 2020, 11:33am

Hi all,

I have a multi-tenant web application (Next.js) with domains expressed like this:

What is the recommended way of authenticating users based on the path?

ie: How to handle a user that is logged in as tenant1 but navigates to tenant2’s secured page?

Do you do that at the auth0 level with a rule that would detect the context and matches it with a permission or an app_metadata setting for example?

Or do you deal with this situation at the app level?

What’s best practice? Thank you.

madeinspace · August 28, 2020, 3:28am

After a bit of research I’ve decided to go the Auth extension route and give my tenants permissions/role that I will parse inside my app through app_metadata using a rule attaching the app_metadata to the user object.

Next step is to create some logic at the app level.

Topic		Replies	Views
Role-Based routing on my Next.js application Help user-authorization-rbac , directory-authorization	0	2662	March 2, 2023
Nextjs-auth0 - how to redirect after logout in a multi tenant app Help	2	4204	May 4, 2023
Implementing RBAC with Next.js SDK Help user-profile , user-management	2	2215	January 31, 2023
Next.js SDK - matching Auth0 users to internal API users Help nextjs	0	1820	February 1, 2022
Moving from @auth0/auth0-spa-js to @auth0/nextjs-auth0, stuck on RBAC Help nextjs	3	2160	December 12, 2022

Next.js Multi-tenant web app - auth0 rules vs application

Related Topics