Hi Zitadel team, we're evaluating using Zitadel for our new product. We have the following conceptual setup in Zitadel. We have a single project with 2 applications (user agent, api). Then for each tenant we create a new organization. These tenants live in our application in different regions/data centers, so for every organization we add some metadata like the region code. A user can have access to multiple tenants with different roles but will only request data for one tenant at a time.
In our current POC we do the following which I feel is not the right solution yet, but I cannot think of another way to solve it.
User logs in (frontend application) and the token contains all the roles for the different organizations. The users are now ORG_OWNER_VIEWER on the organizations they have access to. Then we call the Management API to list the metadata of the organizations they have access to. The user selects which organization they want to activate, and we use the metadata of the selected organization to request the data from the backend API.
In the backend API we check again whether the user is authenticated and has access to the organization they request data from, etc.
In this implementation all users need the ORG_OWNER_VIEWER permissions and we have to call the Management API a bunch of times. Is there another way to get this organization metadata, preferably in the JWT token, either for all of the organizations the user has access to or only for the organization that is currently active?