Branislav B.
Reputation: 557
Multi-organization solution with identityserver4
I've got following setup:
- IdentityServer4 using asp.net core identity
- Accounts app - where user can edit his account data and users can register
- Portal - where users can login and select an organization to which they're connected (same as in azure devops)
- API that is used by portal
Does anyone have experience setting up something similar ? My question would be how to authorize the calls at API level to make sure he is only editing entities that belong to his organization.
Thanks !
Upvotes: 1
Views: 291
Answers (1)
d_f
Reputation: 4859
One way could be to use a tenant claim within each bearer token, so that when a user changes an organization on the portal (in case one user has access to several orgs), you perform relogin to the chosen tenant, or just request a new access token with a chosen tenant_id inside.
You can use this and this answers for the reference on how to pass a custom parameter (such as tenant id) with your request to Identityserver.
Upvotes: 1
Related Questions
- Identity Server 4 OIDC authorization_code flow multi tenancy
- .Net Framework Multi-Tenant OIDC Authentication
- IdentityServer - multiple OAuth servers with compatible tokens?
- IdentityServer4 + Web Api + Spa together in one project
- IdentityServer, clients and user profile management
- Multiple OpenIdConnectAuthentication-Middlewares for Multitenancy
- Multiple Identity Provider Login OAuth/Open ID
- Identity 2.0 Linking Multiple Login Providers
- Users in Multiple Organizations with Different Roles
- Merging OAuth accounts in ASP.NET Identity Authentication system