multi tenant auth
Hey everybody. I am trying to implement multi tenant auth where instead of supabase's implementation of the email being the key, I have a subdomain + email as a composite primary key.
I don't think this is built into supabase, but please correct me if I am wrong.
If it's not built in, anyone got some pointers? Haha. Was looking into 3rd party auth that supports idp, but if I can stay with supabase that would be great. Thanks.
6 Replies
Right now email is required.
Absolutely, I understand that. Is there a way to have an email on, let's say,
hey.domain.com
and
bye.domain.com
map to completely different users?
Right now, signing in to hey.domain.com means the log in will also work on bye.domain.com
I guess I'm missing something.
What is an example of the full emails?
What do you mean by full emails- the part where I say subdomain + email?
If so, I mean the subdomain of the website. Maybe it is best with an IRL example.
Functionality I am looking for
So for a platform like canvas, there may be two tenants.
school1.instructure.com
school2.instructure.com
I sign up to school1 with an email: ryan@gmail.com
If I try to sign in to school2 with ryan@gmail.com, it will not work. I must make a fully new account under school2, even if it's the same email.
Functionality I am currently observing
I sign up to school1.instructure.com with ryan@gmail.com
This email is saved in the auth table
I sign in to school2.instructure.com with ryan@gmail.com
This works- even though I did not explicitly make an account with school2. It refers to the same user in the auth table that signed up to school 1.
I hope I explained that okay hahahah
Right. You would have to add the domain checking on top of the email with a table of domains the user is on or header and then use RLS. The user is based on the email and the email alone.
For Supabase there is no way to create groups of users with the same email address but SSO.
I see. Alright, thank you very much @garyaustin
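The approach suggested in the reply above (a table of the tenants a user is on, a request header, and RLS), sketched as an added example that is not part of the original thread. The table names, the `courses` data table and the `x-tenant` header are assumptions; `auth.uid()`, `auth.users` and the `request.headers` setting are the parts Supabase provides.

```sql
-- Hypothetical schema: tenants, tenant_members, courses and x-tenant are assumed names.
create table public.tenants (
  id        uuid primary key default gen_random_uuid(),
  subdomain text not null unique              -- e.g. 'school1'
);

-- One row per (tenant, user). Sign-up on a subdomain inserts a row here
-- from trusted server-side code; no insert policy is granted to clients.
create table public.tenant_members (
  tenant_id uuid not null references public.tenants(id) on delete cascade,
  user_id   uuid not null references auth.users(id) on delete cascade,
  primary key (tenant_id, user_id)
);

-- Example tenant-scoped data table.
create table public.courses (
  id        uuid primary key default gen_random_uuid(),
  tenant_id uuid not null references public.tenants(id),
  title     text not null
);

alter table public.tenants        enable row level security;
alter table public.tenant_members enable row level security;
alter table public.courses        enable row level security;

-- A user can read only their own membership rows.
create policy "own memberships" on public.tenant_members
  for select to authenticated
  using (user_id = (select auth.uid()));

-- Resolve the tenant named in the x-tenant request header (set by the frontend
-- from the subdomain). Returns NULL when the header is missing or unknown,
-- so the policy below fails closed.
create function public.request_tenant() returns uuid
language sql stable security definer set search_path = ''
as $$
  select t.id from public.tenants t
  where t.subdomain = current_setting('request.headers', true)::json ->> 'x-tenant'
$$;

-- Rows are visible only for the requested tenant AND only if the caller is a member.
create policy "tenant members read courses" on public.courses
  for select to authenticated
  using (
    tenant_id = (select public.request_tenant())
    and exists (select 1 from public.tenant_members m
                where m.tenant_id = courses.tenant_id
                  and m.user_id = (select auth.uid()))
  );
```

The header is supplied by the client, so it only selects which tenant is being asked for; the membership row is what enforces isolation. Sign-in itself still succeeds on every subdomain, because the user is keyed on the email alone, so the frontend should also check membership after login and sign out users who have no row for the current tenant.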