I have a multi-tenant web application (Next.js) with domains expressed like this:
What is the recommended way of authenticating users based on the path?
i.e., how to handle a user that is logged in as tenant1 but navigates to tenant2’s secured page?
Do you do that at the Auth0 level with a rule that would detect the context and match it with a permission or an app_metadata setting, for example?
Or do you deal with this situation at the app level?
What’s best practice? Thank you.