Timeline for Checking tenant information in microservices
Current License: CC BY-SA 4.0
5 events
| when | what | | by | license | comment |
|---|---|---|---|---|---|
| Jul 26, 2019 at 20:59 | vote | accept | Steven Brookes | ||
| Oct 16, 2020 at 14:00 | |||||
| Jul 26, 2019 at 14:23 | comment | added | panda | @StevenBrookes, this is a good point. If you need to enforce domain accessibility this is a check that can be done by the API Gateway to ensure that the tenant-id matches the domain name. However, if this is a SaaS environment, wouldn't domain access be used just for tenant identification purposes? If this is the case then even if users access a different domain, they would be treated for the tenant they have been authenticated with since their tenant-id will not change. | |
| Jul 23, 2019 at 10:31 | comment | added | Steven Brookes | Also, I have edited my initial post to add some info on tenant/user creation. There would already be tokens provided by an external service in those contexts, and those tokens would also be used for some of the API gateway calls | |
| Jul 23, 2019 at 10:21 | comment | added | Steven Brookes | That's a good suggestion, and something that did come to mind. The question I have on that though is, would that make the subdomain redundant after login? If I log in on tenant1.mydomain.com, and the token contains the tenant ID, I wouldn't envisage I should be allowed to go to tenant2.mydomain.com and do something, even if the checks are done at token level post-login | |
| Jul 23, 2019 at 9:44 | history | answered | panda | CC BY-SA 4.0 |