Auth0 Home Blog Docs

Sandbox Auth0 Database Connection

database
connections
clients
database-store

#1

Hey everybody – new Auth0 user here.

We’re trying to move our entire universe over to Auth0, including our dev, staging, and production environments.

For cleanliness and safety, we want to sandbox these stages; someone who registers an account with one should not automatically have a login to another.

I feel like I almost have this working, but I’m missing something silly.

I’ll create a new client (dev-client), and then create a new Auth0 database connection (dev-db) for only this client_id.

BUT when the new client is created, it also has access to all of our other Auth0 database connections, and it (often? always?) prefers one of the old connections to the one I just made for it.

If I make another client (stage-client), and another database connection (stage-db), that client also has access to my dev-db.

So, I’m just really thoroughly confused. I’m not sure why this happens, or how to stop it, or even if this is the best way to go about sandboxing apps. Does anybody have any pointers for how I can keep my apps from sharing users? I’d love to just disable whatever’s causing my apps to start by assuming they should share connections, but if I have to do a totally different workflow, I’m open to suggestions.

Thanks.


#2

Our recommended way to isolate your environments is to set up each on on a different account (e.g. myaccount-dev, myaccount-staging, myaccount). This is outlined here:
https://auth0.com/docs/dev-lifecycle/setting-up-env

If you have multiple clients and connections in a single tenant, you will need to make sure you disable the connections that aren’t relevant for the client from the client settings.

Dashboard > Clients > My App Staging (example) > Connections > Disable dev/production connections.

If you want to disable all connections by default you can disable the Enable Client Connections setting in the Advanced Account settings:

Account Settings > Advanced > Enable Client Connections


#3

Thanks @prashant – that’s obviously pretty disappointing to hear.

Is there any way to disable the extraneous connections from the API?

Where is the default behavior for which connections a new client inherits documented? (Or, if it’s easier, what is the default behavior for which connections a new client inherits?)


#4

Thanks @prashant – that’s obviously pretty disappointing to hear.

Is there any way to disable the extraneous connections from the API?
How do I use the API to get the list of connections for a client?

Where is the default behavior for which connections a new client inherits documented? (Or, if it’s easier, what is the default behavior for which connections a new client inherits?)


#5

@brian.lagoda please see my updated answer. We have the ability to disable all connections by default in the Advanced account settings. You can then explicitly enable the desired connection yourself, via the dashboard or the API by Updating the Connection with the client_id:

"enabled_clients": "KB3iW41kZguOPGYYWRxxxxxxxxxxxxx"]

#6