Friday, 25 March 2022

Multi-tenant authentication flow

How do companies handle authentication in their multi-tenant web apps?

Essentially I have a single PostgreSQL database instance with many tables. Each table has a workspace_id column which I will use to grant/deny access. You can think of a workspace as a client, and a single user can be associated with multiple workspaces.

My initial thought was to:

  1. Use the frontend app and let the user send the email and password to the backend.
  2. Backend validates details and returns all the workspaces the user belongs to.
  3. The frontend app displays the workspaces.
  4. User selects the workspace they want to log into. The id of the workspace and the user details that were passed in step 1 are again sent to the backend.
  5. The backend validates all the details again and issues a JWT containing the user details and the workspace id.
  6. Later when the user tries to access any resource I will extract the workspace id from the token to check if the user has access to a resource or not.

I am halfway through implementing what I've described above, but I am not sure if that's the best approach. What do you think?
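Steps 5 and 6 of the flow above, as an added example that is not part of the original post: the backend re-checks workspace membership before minting the token, binds the token to one workspace_id, and the per-request check compares the resource's workspace against the signed claim rather than anything the client sends. The HS256 signing is hand-rolled to stand in for a JWT library; SECRET and MEMBERSHIPS are constructed sample data.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret-replace-with-a-random-key"  # constructed for the example

# Constructed sample data: user -> workspace ids they belong to, standing in
# for the membership rows you would query from PostgreSQL.
MEMBERSHIPS = {"alice": {10, 20}, "bob": {20}}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(user_id: str, workspace_id: int, now=None) -> str:
    """Step 5: re-validate membership server-side (never trust the id the
    frontend echoed back), then sign a short-lived JWT bound to one workspace."""
    if workspace_id not in MEMBERSHIPS.get(user_id, set()):
        raise PermissionError("user is not a member of that workspace")
    now = int(time.time()) if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": user_id, "workspace_id": workspace_id,
                               "iat": now, "exp": now + 900}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def verify_token(token: str, now=None) -> dict:
    """Check the pinned algorithm, the HMAC (constant-time) and expiry;
    a header with any other alg, including 'none', is rejected."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    if json.loads(_unb64(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(payload_b64))
    now = int(time.time()) if now is None else now
    if claims["exp"] <= now:
        raise ValueError("token expired")
    return claims

def can_access(token: str, resource_workspace_id: int, now=None) -> bool:
    """Step 6: the tenant check compares the resource's workspace_id column
    against the claim in the verified token, not a client-supplied id."""
    try:
        claims = verify_token(token, now)
    except ValueError:
        return False
    return claims["workspace_id"] == resource_workspace_id
```

Because the workspace lives in the signed token, switching workspaces means going back through step 4 and minting a new token rather than accepting a different id on later requests.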



from Multi-tenant authentication flow
