Multi-tenancy

Multi-tenancy allows you to sub-divide your application's access levels so that your users can have their own teams and organizations within your application.

The term "tenant" refers to one of these teams or organizations.

Within a tenant, you can assign roles to your users.

Users can have multiple roles within a tenant, and users can also have roles in more than one tenant.

You can assign application-wide roles and tenant-specific roles.

#Tenants

Use tenants in your application when you want specific users to have access to specific resources or actions.

If you want more than one user to be able to access a tenant within your application, multi-tenancy lets you give access to multiple users.

Similarly, if you want some users to have access to more than one tenant, multi-tenancy lets you add a user to many tenants.

Multi-tenancy is a good solution when your app requires more than one user per organization, or more than one organization per user.

#Roles

Roles define what level of access a user has within a tenant.

Role names like admin, author, or developer can mean whatever you want within your application, and you can define your own roles as needed.

Because a tenant does not "belong" to a given user, each user must have one or more roles in order to be associated with a tenant.

#JWT access token

When a user has a role in one or more tenants, it will show in the authorization object of their JWT access token.

In this example, the user is an admin of Tenant A (nz569yb7) and has viewer and support roles for Tenant B (a5h281k8).

#Usage in your application

Your server should first verify the JWT access token, and then it can check the authorization object to determine whether to allow access or not.

With this approach, your server can check the access token at whatever point makes the most sense for your application.
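
The verify-then-authorize order described above, as an added Node.js example (not code from the original page or from the product it documents). It assumes RS256-signed tokens and an authorization object that maps each tenant ID to `{ roles: [...] }`; the function names and the demo key pair and token are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Verify an RS256-signed JWT and return its payload; throws on any failure.
function verifyAccessToken(token, publicKey, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm; never let the token header choose it.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const payload = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (typeof payload.exp !== 'number' || payload.exp <= now) throw new Error('expired');
  return payload;
}

// Assumed shape: authorization = { <tenantId>: { roles: [...] } }.
function hasRole(payload, tenantId, role) {
  const auth = payload && payload.authorization;
  // Own-property check so ids like "__proto__" never match inherited keys.
  if (!auth || !Object.hasOwn(auth, tenantId)) return false;
  const roles = auth[tenantId]?.roles;
  return Array.isArray(roles) && roles.includes(role);
}

// Fail closed: any verification error means no access.
function canAccess(token, publicKey, tenantId, role) {
  try { return hasRole(verifyAccessToken(token, publicKey), tenantId, role); }
  catch { return false; }
}

// Constructed demo key pair and token (not real credentials).
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
function signDemoToken(payload) {
  const input = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  return `${input}.${b64url(crypto.sign('RSA-SHA256', Buffer.from(input), privateKey))}`;
}
const demoToken = signDemoToken({
  exp: Math.floor(Date.now() / 1000) + 300,
  authorization: { nz569yb7: { roles: ['admin'] }, a5h281k8: { roles: ['viewer', 'support'] } },
});
console.log(canAccess(demoToken, publicKey, 'nz569yb7', 'admin'));
console.log(canAccess(demoToken, publicKey, 'a5h281k8', 'admin'));
```

The role check only runs on a payload returned by `verifyAccessToken`, so a token with an edited authorization object is rejected before its roles are ever read.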