I am currently developing several different apps/web apps that all talk to a central API.
There are 3 different types of users that will use these apps:
Internal Staff - Admin dashboard type application
Partners - Apps for partners to interact with our systems
Customers - Customer facing apps
The API is built with Node.js/Express, and I am looking to use Auth0 to handle user authentication and authorization.
Am I correct in thinking I should use a different tenant within Auth0 for each user type?
If so, can each separate tenant have different scope access to a single API that is shared among all 3 tenants?
> Am I correct in thinking I should use a different tenant within auth0 for each user type?
I would recommend using role-based access control (RBAC) for this instead of spreading it out across multiple tenants.
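An added example, not part of the original answer: one way the shared Express API could enforce per-role permissions from a single tenant. It assumes the tenant is configured to put a `permissions` array in the access token and that a JWT-verification middleware has already validated the token and stored its claims on `req.auth.payload`; the role names, permission names and helper functions are hypothetical.

```javascript
// Added example: permission names and role mapping are hypothetical.
// Assumes upstream middleware has verified the token's signature, issuer
// and audience and placed its claims on req.auth.payload.

// Hypothetical role -> permission mapping, as it would be configured in the tenant.
const ROLE_PERMISSIONS = {
  staff: ['read:orders', 'manage:orders', 'manage:partners'],
  partner: ['read:orders', 'create:orders'],
  customer: ['read:own-orders'],
};

// Express-style middleware factory: the request passes only if the token
// carries every permission the route requires.
function requirePermissions(...required) {
  return function (req, res, next) {
    const payload = req.auth && req.auth.payload;
    if (!payload) {
      return res.status(401).json({ error: 'missing or unverified token' });
    }
    // Fail closed: a missing or malformed claim grants nothing.
    const granted = Array.isArray(payload.permissions) ? payload.permissions : [];
    const missing = required.filter((p) => !granted.includes(p));
    if (missing.length > 0) {
      return res.status(403).json({ error: 'insufficient permissions', missing });
    }
    return next();
  };
}

// Offline harness: runs a middleware against constructed claims and
// returns the HTTP status the caller would see (200 if next() is reached).
function simulate(middleware, payload) {
  let status = 200;
  const res = {
    status(code) { status = code; return this; },
    json() { return this; },
  };
  const req = payload ? { auth: { payload } } : {};
  middleware(req, res, () => {});
  return status;
}

// Constructed token claims for one of the three user types.
function claimsFor(role) {
  return { sub: `constructed|${role}`, permissions: ROLE_PERMISSIONS[role] };
}
```

On a real route this would be mounted as `app.get('/partners', requirePermissions('manage:partners'), handler)` after the token-verification middleware.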