Hi, thank you for your awesome product!
I am currently thinking about providing one API server and multiple SPAs using Auth0:
- Core API server
  - This is a Rails-based API
  - Verify tokens from both SPAs
  - After verifying, it stores the Auth0 metadata (`user_id` or something) in our application’s DB and uses it if needed
- SPA for users (ToC application)
  - Provide both `Login` and `Signup` features
    - Verifying emails is required
    - After a user signs up, it sends an email to verify the user’s email and puts a redirect link there
    - After clicking the redirect link, the user can sign in to the application
- SPA for clients (ToB application)
  - Provide only `Login` feature and administrators would create accounts for them on Auth0 Dashboard
    - Verifying emails is not needed for them
I’m not sure I can satisfy such specifications using only one tenant (1 API and 2 SPAs).
- Is it possible to do that using only one tenant?
- Can I customize login flows for each application like the above?
- Even if possible, is it so hard? (e.g. managing Auth0 API and building a custom Login UI by myself or something)
- If it’s impossible or not recommended, is it better to use different tenants for each application?
  - For example, creating ToC application tenant and ToB application tenant, and configuring `disable signup` for only ToB application tenant.
    - Then we might have to separate the core API endpoint for the applications
Sorry for the confusing question.
If it’s not enough, I’ll share more information with you.
Best regards,