Using Auth0 Tenant for Production and Development

Problem statement

If a customer is on a self-service plan, each new tenant they create requires a separate subscription. This overhead can be burdensome, especially for smaller startups. To avoid the additional fee and setup, customers will occasionally attempt to set up one Auth0 tenant for both Development and Production purposes.

In the context of triggering Action code, such as API calls or redirects, is it possible for a given Action to execute only for either a Production or Development workflow?

Solution

Though Auth0 recommends setting up separate Auth0 tenants to handle Production and Development workflows, it could be possible to create some artificial separation between Production and Development within one Auth0 tenant.

The primary way to approach this is to have specific applications/connections/APIs dedicated to either Production or Development workflows. For example, if a given use case requires setting up and testing a redirect in an Action, the following strategy could be deployed to ensure the Action redirects to the correct destination based on the application making the request:

exports.onExecutePostLogin = async (event, api) => {
  // Route on the client ID of the application that started the login.
  if (event.client.client_id === "YOUR_DEV_APP_CLIENT_ID") {
    api.redirect.sendUserTo("YOUR_DEV_APP_REDIRECT_URL");
  } else if (event.client.client_id === "YOUR_PROD_APP_CLIENT_ID") {
    api.redirect.sendUserTo("YOUR_PROD_APP_REDIRECT_URL");
  }
  // Any other application falls through and is not redirected.
};

The check above could potentially use an attribute other than the ‘client_id’ to differentiate workflows, but the key is to create this segregation between the Auth0 resources used solely for Development and those used solely for Production.
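
One way to key the separation on an attribute other than the client ID, shown as an added example (not code from the original article or from Auth0). It assumes each application carries an `environment` entry in its Application Metadata and that the redirect URLs are stored as Action secrets named `DEV_REDIRECT_URL` and `PROD_REDIRECT_URL`; those names are hypothetical. Unlike the snippet above, it denies the login when an application is untagged or its URL is not HTTPS, so a misconfigured application cannot silently skip the environment split.

```javascript
// Added example. Assumed names (not from the article): the "environment"
// application-metadata key and the two Action secret names below.
const SECRET_FOR_ENVIRONMENT = {
  development: "DEV_REDIRECT_URL",
  production: "PROD_REDIRECT_URL",
};

// Pure decision function, so the routing can be tested outside Auth0.
function decideRedirect(event) {
  const metadata = (event.client && event.client.metadata) || {};
  const environment = String(metadata.environment || "").toLowerCase();

  // Own-property check: values such as "constructor" must not match.
  if (!Object.prototype.hasOwnProperty.call(SECRET_FOR_ENVIRONMENT, environment)) {
    return { action: "deny", reason: "Application has no recognized environment tag" };
  }

  const target = (event.secrets || {})[SECRET_FOR_ENVIRONMENT[environment]];
  let url = null;
  try {
    url = new URL(target); // throws when the secret is missing or malformed
  } catch {
    url = null;
  }
  if (!url || url.protocol !== "https:") {
    return { action: "deny", reason: `Redirect URL for ${environment} is missing or not HTTPS` };
  }
  return { action: "redirect", environment, url: url.href };
}

const onExecutePostLogin = async (event, api) => {
  const decision = decideRedirect(event);
  if (decision.action === "redirect") {
    api.redirect.sendUserTo(decision.url);
  } else {
    // Fail closed instead of letting an untagged application through.
    api.access.deny(decision.reason);
  }
};

// The guard lets this file also load outside the Actions runtime.
if (typeof exports !== "undefined") {
  exports.onExecutePostLogin = onExecutePostLogin;
}
```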

Note that even with the above suggestion, certain Auth0 features are tenant wide, such as certain MFA settings or Universal Login configurations, so this workaround is not a catch-all solution.