Auth0 - use access provider for multiple children databases

Hello everyone,

I’m using FaunaDB as the database for my SaaS product (eCommerce business). I have an architecture where:

  • I create a child database for each eCommerce shop (tenant); all those databases have the same GraphQL schema.

  • A user may have access to multiple databases (for example, an agency that manages multiple eCommerce shops).

I want to leverage the access provider capability of FaunaDB to authenticate users with an Auth0 access token, but the problem is:

  1. Auth0 doesn’t allow the modification of the audience attribute, so we can set the one corresponding to the target database when generating the token.

  2. If I create an API (audience) in Auth0 for each of my databases, the whole list will be added to the audience attribute, which is not what I want, because in that case the user will have access to all databases.

Is it possible for FaunaDB to verify the JWT without checking the audience? For example, the verification could be done on a predefined scope.

No. The audience URL specifies which database to connect to. Without that, queries would be detached from any database and unable to access|mutate data.

You could use an AccessProvider configuration on the parent database, call a UDF that creates one or more child databases and one or more keys|tokens for those child databases, and provide the secret(s) in the response. The client can then use the secret(s) to operate on those child databases.


@Omar_Hachami I believe you can have multiple aud if you are using Auth0. For each child database there is an aud. You can write a simple UDF function to check the user identity. You can use CurrentIdentity() in this case to identify the logged-in user.


Hmmm… It seems to be a good idea. Thanks @ewan, I’ll try it.
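
The following is an added example, not code from any poster in this thread or from Fauna. It models the audience problem from the question (a token listing every database's audience passes every database's check) next to the parent-database approach from the first reply, where the token is valid only for the parent and a server-side membership lookup decides which child databases get secrets. The audiences, subjects, shop names and membership table are constructed assumptions, and only the `aud` check is modelled.

```javascript
// Added example: models only the `aud` claim check on already-verified claims;
// signature, issuer and expiry verification are assumed to have passed.
// All audiences, subjects and shop names below are constructed sample values.
const PARENT_AUD = "https://db.example/db/parent";
const CHILD_AUD = {
  "shop-a": "https://db.example/db/shop-a",
  "shop-b": "https://db.example/db/shop-b",
  "shop-c": "https://db.example/db/shop-c",
};

// RFC 7519: `aud` is a single string or an array of strings; a recipient
// accepts the token if its own identifier is one of the values.
function audienceMatches(claims, expected) {
  const aud = claims.aud;
  if (typeof aud === "string") return aud === expected;
  return Array.isArray(aud) && aud.includes(expected);
}

// Which child databases accept this token on the audience check alone?
function childrenAccepting(claims) {
  return Object.keys(CHILD_AUD).filter((s) => audienceMatches(claims, CHILD_AUD[s]));
}

// Broker model: the token must target the parent, and a server-side
// membership table (hypothetical) decides which children the subject gets.
const MEMBERSHIPS = new Map([
  ["auth0|agency-1", ["shop-a", "shop-b"]],
  ["auth0|owner-c", ["shop-c"]],
]);

function childrenForIdentity(claims) {
  if (!audienceMatches(claims, PARENT_AUD)) return [];
  return MEMBERSHIPS.get(claims.sub) || [];
}

const everyApiToken = { sub: "auth0|owner-c", aud: Object.values(CHILD_AUD) };
const parentOnlyToken = { sub: "auth0|owner-c", aud: PARENT_AUD };
console.log(childrenAccepting(everyApiToken));   // every shop accepts it
console.log(childrenForIdentity(parentOnlyToken)); // only the owner's shop
```
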
