How to implement multi-tenancy in new Spring Authorization server

Link for Authorization server: https://github.com/spring-projects/spring-authorization-server

This project pretty much has everything in terms of OAuth and Identity provider. My question is how to achieve multi-tenancy at the Identity provider level.

I know there are multiple ways to achieve multi-tenancy in general.

The scenario I am interested in is this:

  1. An organization provides services to multiple tenants.
  2. Each tenant is associated with a separate database (data isolation, including user data)
  3. When a user visits the dedicated front-end app (per tenant) and negotiates access tokens from the Identity provider
  4. The Identity provider then identifies the tenant (based on header/domain name) and generates an access token with tenant_id
  5. This access token is then passed on to downstream services, which in turn can extract tenant_id and decide the data source

I have a general idea about all the above steps, but I am not sure about point 4.

I am not sure how to configure different data sources for different tenants on the Identity Provider. How do I add tenant_id to the token?

Link to the issue: https://github.com/spring-projects/spring-authorization-server/issues/663#issue-1182431313



Solution 1:[1]

This is not related to Spring Auth Server, but to approaches that we can think of for point #4.

I remember the last time we implemented a similar approach, where we had the options below:

  1. To have unique email addresses for the users, thereby using the global database to authenticate the users and, post authentication, set up the tenant context.
  2. In case of users operating in more than 1 tenant, post authentication, we can show the list of tenants that the user has access to, which enables setting the tenant context and then proceeding with the application usage.

More details can be read from here
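
For step 4 of the question (identify the tenant from the domain name and put `tenant_id` in the access token), one possible shape is sketched below as an added example; it is not code from the post, the answer, or the Spring Authorization Server project. It assumes the 1.x package names, a Spring Boot application where `RequestContextHolder` is populated before the token endpoint runs, that the per-tenant user and authorization stores are selected by the same host-to-tenant mapping, and hypothetical host names and tenant ids.

```java
import java.util.Locale;
import java.util.Map;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

@Configuration
public class TenantTokenConfig {

    // Constructed sample mapping (hypothetical values): IdP host name -> tenant id.
    private static final Map<String, String> TENANT_BY_HOST = Map.of(
            "tenant-a.idp.example", "tenant-a",
            "tenant-b.idp.example", "tenant-b");

    // The Host header is client-controlled, so only allow-listed hosts map to a
    // tenant; anything else is rejected instead of being copied into the token.
    static String resolveTenant(String host) {
        String tenant = host == null ? null : TENANT_BY_HOST.get(host.toLowerCase(Locale.ROOT));
        if (tenant == null) {
            throw new OAuth2AuthenticationException(
                    new OAuth2Error(OAuth2ErrorCodes.INVALID_REQUEST, "Unknown tenant host", null));
        }
        return tenant;
    }

    // Picked up by the authorization server when it encodes JWTs.
    @Bean
    public OAuth2TokenCustomizer<JwtEncodingContext> tenantClaimCustomizer() {
        return context -> {
            if (!OAuth2TokenType.ACCESS_TOKEN.equals(context.getTokenType())) {
                return; // leave ID tokens and other token types unchanged
            }
            // Host the token request arrived on (assumes one IdP host per tenant).
            String host = ((ServletRequestAttributes) RequestContextHolder
                    .currentRequestAttributes()).getRequest().getServerName();
            context.getClaims().claim("tenant_id", resolveTenant(host));
        };
    }
}
```

Downstream services should choose the data source only from the `tenant_id` claim of a token whose signature they have verified, not from a tenant header sent alongside it.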

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1