Programming/Auth0
What is Auth0?
TBA
Terms and Setup Suggestions
- Tenant
- - "At Auth0, a logically-isolated group of users who share common access with specific privileges to a single software instance. No tenant can access the data of another tenant, even though multiple tenants might be running on the same machine. Tenant, in general, is a term borrowed from software multitenant architecture."
- Tenants cannot be renamed.
- Scopes (more on those later) limit what a caller may do with an API, but they do not isolate users, connections or secrets from each other; the tenant is that isolation boundary. So I generally recommend one tenant per stage (development, staging, production) per website, so that test users and test credentials never share a tenant with production.
- Application
- - "Your software that relies on Auth0 for authentication and identity management. Auth0 supports single-page, regular web, native, and machine-to-machine applications."
- You will only need one application per website. Each Application gets its own client ID and credentials, so a second client of the same service (for example a native mobile app) is a separate Application, not a second website.
- API
- - (No formal definition given)
- APIs are your backend services.
- Since I recommend a micro-service architecture, I recommend one API per backend micro-service. Each API is registered with its own identifier, which becomes the `aud` (audience) of the access tokens issued for it, so a token minted for one service is rejected by the others.
- Scope
- - "A mechanism that defines the specific actions applications can be allowed to do or information that they can request on a user’s behalf. Often, applications will want to make use of the information that has already been created in an online resource. To do so, the application must ask for authorization to access this information on a user’s behalf. When an app requests permission to access a resource through an authorization server, it uses the Scope parameter to specify what access it needs, and the authorization server uses the Scope parameter to respond with the access that was actually granted."
- Basically, this allows you to limit access to APIs. For example, you might have a "read" scope to allow reads from the database and a "write" scope for writing (in practice, name them per resource, e.g. `read:orders` and `write:orders`). A customer-facing website might only be granted the "read" scope for an API, whereas an internal website might be granted both "read" and "write" scopes for the same API. Note that Auth0 only records the granted scopes in the access token's `scope` claim; the API itself must verify the token and check that claim before serving the request.
- More on scopes here.
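The following is an added example (not code from the original page or from Auth0) showing the backend side of the tenant/API/scope model above: a service verifies an access token's signature, issuer (the tenant), audience (the API identifier) and expiry, then enforces a required scope from the `scope` claim. The tenant domain, API identifier and scope names are hypothetical. Tokens are signed HS256 with a constructed secret so the example runs offline on the standard library alone; a real Auth0 API uses RS256 and the backend verifies against the tenant's JWKS instead.

```python
"""Enforcing Auth0-style scopes on a backend API (added example, not the
page's or Auth0's own code). Tenant domain, API identifier, scope names and
the signing secret are all hypothetical/constructed."""
import base64
import hashlib
import hmac
import json
import time

# Hypothetical tenant and API identifier. Auth0 issues access tokens with
# iss = https://<tenant-domain>/ and aud = the registered API identifier.
ISSUER = "https://example-tenant.us.auth0.com/"
AUDIENCE = "https://api.example.com/orders"
SECRET = b"constructed-secret-for-this-example-only"  # constructed, HS256 only


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(scope, audience=AUDIENCE, issuer=ISSUER, lifetime=3600, now=None):
    """Constructed stand-in for the tenant's token endpoint."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": issuer, "aud": audience, "iat": now,
              "exp": now + lifetime, "scope": scope}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


class TokenError(Exception):
    pass


def verify_token(token, audience=AUDIENCE, issuer=ISSUER, now=None):
    """Validate algorithm, signature, issuer, audience and expiry; return claims."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(claims_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError as exc:  # wrong segment count, bad base64, bad JSON
        raise TokenError("malformed token") from exc
    # Pin the algorithm server-side; never let the token choose (rejects alg=none).
    if header.get("alg") != "HS256":
        raise TokenError("unexpected alg")
    expected = hmac.new(SECRET, f"{header_b64}.{claims_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise TokenError("bad signature")
    if claims.get("iss") != issuer:
        raise TokenError("wrong issuer (token from another tenant?)")
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if audience not in aud_list:
        raise TokenError("token not issued for this API")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise TokenError("token expired")
    return claims


def granted_scopes(claims):
    """Auth0 puts the granted scopes in one space-separated 'scope' claim."""
    return set(claims.get("scope", "").split())


def authorize(token, required_scope, **kw):
    """True only if the token verifies and carries the required scope.
    The API must perform this check itself: Auth0 records what was granted,
    it does not enforce it on the API's behalf."""
    try:
        claims = verify_token(token, **kw)
    except TokenError:
        return False
    return required_scope in granted_scopes(claims)


if __name__ == "__main__":
    read_only = mint_token("read:orders")
    print(authorize(read_only, "read:orders"), authorize(read_only, "write:orders"))
```

The order of checks matters: the signature is verified before any claim is trusted, the audience check is what makes "one API per micro-service" hold (a token for the billing API fails here even though it came from the same tenant), and the scope check is the last gate, applied by the API for every request.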