I'm using this Vercel NextJS-13 multi-tenant template.
It has provided next-auth authentication for the main site (i.e. "app.mydomain.com") from where tenants web apps are created and managed.
But in the template tenants web app have no authentication mechanism for their users.
So, for the authentication of tenant web app users I tried to use the same next-auth implementation used for tenants themselves in the template but after messing around with it I came to the realization that it's not supported for custom domains.
Then I've tried Auth0 but it also doesn't support custom domains.
My expectation is to have an auth service works for tenants web app users no matter if tenant web apps are sub domain or custom domain based like, "app.mydomain.com", "zain.mydomain.com", "john.mydomain.com", or "otherdomain.com", "uniquedomain.com", "xyz.com".
The Vercel Platform Starter Kits next-auth implementation for tenants does not in turn work for the users of tenants web apps. Because as of now next-auth does not support custom domain authentication from the same instance because of the static NEXTAUTH-URL environament variable.
Clerk Auth is a great alternative that can be used for tenants web apps users. There might be a challenge with configuring the middleware but this answer solves it. (https://stackoverflow.com/a/77715586/19807807)
However, I personally used the following custom JWT authentication solution for this "Platform Starter Kit". This tutorial uses mongodb but you can adapt it to use Postgres as already used in the template. (https://www.youtube.com/watch?v=2RxaJrltJKo)