
I have a multitenant application where a user can belong to multiple tenants. I'm using Identity-Server 4 for the authentication.

I have two applications: Angular and an API. When a user is not authenticated, they are redirected to the Identity-Server and proceed with authentication. Once ID4 ensures that the client credentials are correct, a new access_token is generated and returned to the Angular side. Then Angular checks the tenant ID, and if it is not present in the access_token it redirects to the tenant page, where the user must select a tenant. Once the tenant ID is selected, initLoginFlow is called and the tenant ID is sent to the Identity-Server side. Identity-Server looks for the tenant ID, and if it's found it issues another access_token that contains the tenant ID.

I have a couple of questions:

  1. Is it possible to call ProfileService on the Identity-Server side from Angular to update the identity_token?
  2. Is the implementation flow correct?
  • Is it possible to call ProfileService on the Identity-Server side from Angular to update the identity_token? Wouldn't this be a vulnerability? Commented Jun 27, 2022 at 13:24
  • @Laiv You can redirect to the ID4 side and pass some arguments, and consequently the ProfileService will be called and you will have the query parameters. This way you can update it, not by directly calling the profile service. Commented Jun 27, 2022 at 16:32
  • Correct me if I'm wrong. You are looking for a way to skip initLoginFlow by updating the access_token from the SPA once the tenant ID is selected. If yes, what's the relationship between users and tenancy? Can 1 user "be" multiple tenants? If yes, wouldn't it be simpler to set a default|main tenant so you don't have to do the second trip? Commented Jun 28, 2022 at 7:08
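
The two-trip tenant flow described in the question, sketched as an added example that is not part of the original post or comments: the client-side routing decision, plus a model of the check the token issuer has to make before it puts a tenant into a token. The `tenant_id` claim name, the use of `acr_values=tenant:<id>` to carry the selection, and all function names are assumptions; it runs under Node.js.

```javascript
// Assumed claim name; the question does not say what the claim is called.
const TENANT_CLAIM = "tenant_id";

// Decode (do NOT verify) a JWT payload. The SPA reads it only to pick a route;
// the API must validate signature, issuer, audience and the tenant claim itself.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a JWT");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Client side: what the SPA does next, given its current token and selection.
function nextStep(accessToken, selectedTenant) {
  if (!accessToken) return { action: "login", params: {} };
  const claims = decodeJwtPayload(accessToken);
  if (claims[TENANT_CLAIM]) {
    return { action: "continue", tenant: claims[TENANT_CLAIM] };
  }
  if (!selectedTenant) return { action: "select-tenant" };
  // Second trip to the authorize endpoint, carrying the chosen tenant.
  return { action: "login", params: { acr_values: `tenant:${selectedTenant}` } };
}

// Issuer side (model): the tenant value arrives from the browser, so it is
// untrusted. Emit the claim only if the authenticated user is a member.
function resolveTenantClaim(acrValues, userMemberships) {
  const entry = String(acrValues || "")
    .split(" ")
    .find((v) => v.startsWith("tenant:"));
  if (!entry) return null;
  const requested = entry.slice("tenant:".length);
  return userMemberships.includes(requested) ? requested : null;
}

// Constructed sample token (placeholder signature), for demonstration only.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}
```
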
