I like how Auth0 works, and I want to use it in my application. First, I have to know the exact workflow because I need to implement it with my project.
My “users” are gonna be the clients of my clients. The organization is gonna be my client.
For example: McDonalds is the organization, and McDonalds from California is a user, McDonalds from New York is another user; these two users are from this organization (I'm not working for McDonalds hahaha).
Let me explain myself:
- I have several MS (microservices) with an API and a backend.
- One user can access one or more APIs; this user will have the permissions of different APIs (maybe some permissions of one API and all of another, and none of another).
- I can use a web to log in, but I need some kind of endpoint in the Auth0 API to get a token by sending the “clientID application”, “secretID application”, “email”, “password”, “organization” and “audience”. I need this because it doesn’t make sense to have a login form for some apps. The token will have the permissions, roles, etc. for this user.
- One API can access other APIs.
Tokens have to get the organization or organizationID because I need to call the same endpoint in an API and get different values depending on the organization (Burger King can't see McDonalds information).
Users can log in on the web but use different APIs. How can I get different audiences in one login without logging in again without another audience?
I don't know if I explained myself clearly. If you guys have any questions, let me know. Could someone explain to me the workflow of my application with Auth0?