[BUG] API Login Implementation for Multi-Tenant System with Separate Databases in Subdomains
Closed this issue · 5 comments
Oqtane Info
Version - 5.2.3
Render Mode - Static
Interactivity - Server
Database - Postgres
Describe the bug
After creating tenant1.localhost and tenant2.localhost, how do you write a login API that automatically distinguishes between the databases of tenant1 and tenant2? For example, if you log in to tenant1, it will use the tenant1 database, and similarly for tenant2.
@sbwalker
Expected Behavior
Steps To Reproduce
Anything else?
@mithang are you reporting an Issue (i.e. [BUG]) or are you asking a question? If you are asking a question, please use the Discussions area in the future as Issues are intended to be used for actual defects or enhancement requests.
Oqtane already contains a multi-tenant security system. If you are on tenant1.localhost and you use the Login capability it will authenticate you against the database associated to tenant1. If you then navigate to tenant2.localhost you will be forced to re-authenticate (because cookies are not shared across subdomains by default). You will be presented with the Login form and your credentials will be validated against the database associated to tenant2.
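The cookie scoping that comment relies on, shown as an added example (not Oqtane code and not part of the original thread): a simplified model of RFC 6265 domain matching, showing that a cookie set without a `Domain` attribute stays with the tenant host that issued it, while one set with a parent `Domain` is sent to every tenant subdomain. The cookie name `auth` and the `example.test` hostnames are constructed for illustration, and the public-suffix check that browsers also apply is left out.

```javascript
// RFC 6265 section 5.1.3: does requestHost domain-match cookieDomain?
function domainMatch(requestHost, cookieDomain) {
  const host = requestHost.toLowerCase();
  const domain = cookieDomain.toLowerCase();
  if (host === domain) return true;
  // A suffix match only counts on a label boundary and never for IP literals.
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + domain);
}

// Model of how a user agent stores a cookie (RFC 6265 section 5.3).
// Returns null when the cookie must be rejected.
function storeCookie(setByHost, name, domainAttr) {
  if (!domainAttr) {
    // No Domain attribute: host-only cookie, bound to the exact issuing host.
    return { name, domain: setByHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  // A host cannot set a cookie for a domain it does not itself match.
  if (!domainMatch(setByHost, domain)) return null;
  return { name, domain, hostOnly: false };
}

// Would the stored cookie be attached to a request for requestHost?
function cookieSentTo(cookie, requestHost) {
  const host = requestHost.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

// Which of the given tenant hosts would receive the cookie?
function tenantsReceiving(cookie, hosts) {
  return hosts.filter((h) => cookieSentTo(cookie, h));
}

// Constructed tenant hosts (stand-ins for tenant1/tenant2 in the thread).
const tenants = ["tenant1.example.test", "tenant2.example.test"];
const hostOnly = storeCookie("tenant1.example.test", "auth");
const shared = storeCookie("tenant1.example.test", "auth", "example.test");
console.log("host-only ->", tenantsReceiving(hostOnly, tenants));
console.log("Domain=example.test ->", tenantsReceiving(shared, tenants));
```

When reviewing a multi-tenant deployment, an authentication cookie carrying a `Domain` attribute set to the shared parent is the configuration to look for, because it removes the per-tenant re-authentication described above.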
@sbwalker
I need to develop APIs (sign in, sign up, and survey) for each tenant with Oqtane as the backend and ReactJS as the frontend. For example:
- tenant1.localhost will have APIs (sign in, sign up, and survey)
- tenant2.localhost will have APIs (sign in, sign up, and survey)
Note: Each tenant will have a separate database.
@mithang Oqtane is a client/server application - so it does have a distinct back-end that can be used as a headless API. That being said, the tagline for Oqtane is "A CMS and Application Framework for Blazor and .NET MAUI". I am highlighting this because if you use Blazor as your front-end technology in Oqtane, you get a lot of productivity benefits. For example, all of the front-end state containers such as SiteState, PageState, and ModuleState are all provided via Blazor UI concepts such as cascading parameters and scoped services. These state containers provide access to key information such as the current tenant/site, current user, etc... If you want to write a native ReactJS front-end you will need to create equivalent concepts in JavaScript, which is certainly possible, but will require a substantial amount of work. Perhaps there are Oqtane community members who are willing to assist with this effort (you can ask in the Discussions area); however, since it is not aligned with the general goals for the open source project, I will not be able to spend any time on it myself.
I only need to write 3 APIs for sign in, sign up, and survey for the tenants, while the backend and frontend will still use Oqtane. The frontend using ReactJS will be a separate landing page for the survey running independently for a marketing campaign.
@sbwalker
Oqtane already includes a full security implementation which allows users to login/logout. It also supports anonymous user registration (signup) including the ability to define user profile fields. And in regards to survey functionality you might want to look at https://github.com/oqtane/Oqtane.Survey. I do not understand the need to use ReactJS at all. Just use Oqtane in Static render mode to create your landing page. Don't make things more difficult than necessary.