What is the best design if I would like to provide one API server and multiple single page applications?

Hi, thank you for your awesome product!

I am currently thinking about providing one API server and multiple SPAs using Auth0:

  • Core API server
    • This is a Rails-based API
    • Verify tokens from both SPAs
    • After verifying, it stores the Auth0 metadata (user_id or something) in our application’s DB and uses it if needed
  • SPA for users (ToC application)
    • Provide both Login and Signup features
    • Verifying emails is required
    • After a user signs up, it sends an email to verify the user’s email and puts a redirect link there
    • After clicking the redirect link, the user can sign in to the application
  • SPA for clients (ToB application)
    • Provide only Login feature and administrators would create accounts for them on Auth0 Dashboard
    • Verifying emails is not needed for them

I’m not sure I can satisfy such specifications using only one tenant (1 API and 2 SPAs).

  • Is it possible to do that using only one tenant?
    • Can I customize the login flows for each application as described above?
    • Even if it is possible, is it very hard? (e.g. managing the Auth0 API and building a custom login UI myself, or something similar)
  • If it’s impossible or not recommended, is it better to use different tenants for each application?
    • For example, creating a ToC application tenant and a ToB application tenant, and disabling signups only for the ToB application tenant.
    • Then we might have to separate the core API endpoint for the applications

Sorry for the confusing question.
If it’s not enough, I’ll share more information with you.

Best regards,

Hi @hideaki.ishii1204,

Welcome to the Community!

Yes, you can accomplish this with one tenant.

To configure your tenant to only allow signups for the ToC application, you could:

  • Create a new Database Connection for the ToB application and disable signups.
  • In the ToB application, only enable this database connection.
  • In the ToC application, enable any connections you’d like except the connection you created for the ToB application.

To handle email verification, you could follow this guide for custom email handling:

In the rule, you could check to make sure that the context.clientID is the Client ID of the ToC application.

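As an added illustration of the rule described in the reply above (example code, not something posted in this thread or shipped by Auth0): an Auth0 Rule runs in a Node.js sandbox as `function (user, context, callback)`, and `context.clientID` / `context.connection` identify which application and which connection the login came through. The client IDs, connection names and message strings below are assumed placeholders; `UnauthorizedError` is normally a global provided by the rules sandbox and is only re-declared here so the file runs stand-alone. The rule requires a verified email only for the ToC client, and as defence in depth also rejects a login whose connection is not the one enabled for that client in the dashboard.

```javascript
// Added example: an Auth0 Rule gating login per application.
// Client IDs and connection names are assumed placeholders, not values from the thread.
const TOC_CLIENT_ID = 'toc-spa-client-id'; // assumed: Client ID of the ToC SPA
const TOB_CLIENT_ID = 'tob-spa-client-id'; // assumed: Client ID of the ToB SPA

// Database connections each SPA is allowed to log in through. This mirrors the
// "enable only this connection" setting in the dashboard; checking it again in the
// rule means a later misconfiguration cannot silently let ToB accounts into the ToC app.
const ALLOWED_CONNECTIONS = {
  [TOC_CLIENT_ID]: ['Username-Password-Authentication'], // assumed ToC connection name
  [TOB_CLIENT_ID]: ['tob-clients'],                      // assumed ToB connection (signups disabled)
};

// The Auth0 rules sandbox provides UnauthorizedError globally; it is declared here
// only so this example runs outside the sandbox.
class UnauthorizedError extends Error {
  constructor(message) {
    super(message);
    this.name = 'UnauthorizedError';
  }
}

// Body of the rule. In the dashboard this would be the anonymous
// function (user, context, callback) { ... }; it is named here so it can be called in tests.
function gateLogin(user, context, callback) {
  const allowed = ALLOWED_CONNECTIONS[context.clientID];

  // Any other client in the tenant (e.g. a machine-to-machine app) is left untouched.
  if (!allowed) {
    return callback(null, user, context);
  }

  // Deny logins that arrive through a connection this application should not be using.
  if (!allowed.includes(context.connection)) {
    return callback(new UnauthorizedError('This account cannot be used with this application.'));
  }

  // Only the ToC SPA requires a verified email; ToB accounts are created by administrators.
  if (context.clientID === TOC_CLIENT_ID && !user.email_verified) {
    return callback(new UnauthorizedError('Please verify your email address before signing in.'));
  }

  return callback(null, user, context);
}

// Synchronous wrapper that reports the rule's decision as a string:
// 'allow' when the callback receives no error, otherwise the error message.
function decide(user, context) {
  let outcome;
  gateLogin(user, context, (err) => {
    outcome = err ? err.message : 'allow';
  });
  return outcome;
}

// Constructed sample login attempts (not real users or clients).
const SAMPLES = [
  { user: { email_verified: false }, context: { clientID: TOC_CLIENT_ID, connection: 'Username-Password-Authentication' } },
  { user: { email_verified: true },  context: { clientID: TOC_CLIENT_ID, connection: 'Username-Password-Authentication' } },
  { user: { email_verified: false }, context: { clientID: TOB_CLIENT_ID, connection: 'tob-clients' } },
  { user: { email_verified: true },  context: { clientID: TOC_CLIENT_ID, connection: 'tob-clients' } },
];

for (const s of SAMPLES) {
  console.log(`${s.context.clientID} via ${s.context.connection}: ${decide(s.user, s.context)}`);
}
```

The connection check is belt-and-braces: the dashboard setting from the reply is what actually stops ToB accounts from being offered to the ToC app, and the rule simply refuses to mint a token if that setting ever drifts. Because a single API audience is shared by both SPAs, the Rails API itself does not need to know which SPA a token came from; it verifies signature, issuer and audience as usual and can read `azp` from the access token if it ever needs to distinguish the two clients.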

Thank you for the awesome reply!
I will try to create a new DB connection following your advice!

