We’re starting to use Auth0 as the main identity provider for all our users (signup and login using user/password, Google, Facebook, etc.) within our product.
We also want to enable 3rd party applications to build on top of our APIs and, for that, to use the OAuth2 user consent flow, where our users give consent to use our APIs on their behalf.
We were thinking about separating these functionalities into 2 different tenants: 1 tenant is responsible only for all the internal workflows (where we will have our 1st party applications) and the other tenant only to create 3rd party applications (with custom actions and whatnot).
I have 2 questions here:
- Is that something that is considered best practice and is being done?
- Will we have the same identifier across the 2 tenants for the same user?