oqtane / oqtane.framework

CMS & Application Framework for Blazor & .NET MAUI
http://www.oqtane.org
MIT License

[BUG] API Login Implementation for Multi-Tenant System with Separate Databases in Subdomains #4685

Closed mithang closed 1 week ago

mithang commented 2 weeks ago

Oqtane Info

Version - 5.2.3
Render Mode - Static
Interactivity - Server
Database - Postgres

Describe the bug

After creating tenant1.localhost and tenant2.localhost, how do you write a login API that automatically distinguishes between the databases of tenant1 and tenant2? For example, if you log in to tenant1, it will use the tenant1 database, and similarly for tenant2. @sbwalker

Expected Behavior

Steps To Reproduce

Anything else?

sbwalker commented 2 weeks ago

@mithang are you reporting an Issue (i.e. [BUG]) or are you asking a question? If you are asking a question, please use the Discussions area in the future as Issues are intended to be used for actual defects or enhancement requests.

Oqtane already contains a multi-tenant security system. If you are on tenant1.localhost and you use the Login capability it will authenticate you against the database associated with tenant1. If you then navigate to tenant2.localhost you will be forced to re-authenticate (because cookies are not shared across subdomains by default). You will be presented with the Login form and your credentials will be validated against the database associated with tenant2.
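The cookie scoping mentioned in the comment above, as an added example that is not part of the original thread and is not Oqtane code: a simplified model of RFC 6265 cookie storage and domain matching, showing why a session cookie set without a `Domain` attribute stays with the tenant host that issued it. The hostnames (`tenant1.example.test`, `tenant2.example.test`), the cookie name and the helper functions are constructed for illustration, and real browsers additionally apply public-suffix checks that are omitted here.

```javascript
// Added example (not Oqtane code): simplified RFC 6265 cookie scoping.

// RFC 6265 section 5.1.3: a host domain-matches a cookie domain when the two
// are identical, or when the host ends with "." + domain and is not an IP.
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase();
  if (h === d) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");
  return !isIp && h.endsWith("." + d);
}

// Model how a user agent stores a cookie from a Set-Cookie response.
// No Domain attribute: the cookie is host-only and bound to the request host.
function storeCookie(requestHost, name, domainAttr) {
  if (domainAttr === undefined) {
    return { name, domain: requestHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  // A server can only set a cookie for a domain that its own host matches,
  // so one tenant host cannot plant a cookie scoped to a sibling tenant.
  if (!domainMatch(requestHost, domain)) return null;
  return { name, domain, hostOnly: false };
}

// RFC 6265 section 5.4: is this stored cookie attached to a request for host?
function isSentTo(cookie, host) {
  const h = host.toLowerCase();
  return cookie.hostOnly ? h === cookie.domain : domainMatch(h, cookie.domain);
}

// Constructed sample hosts and cookie name.
const T1 = "tenant1.example.test";
const T2 = "tenant2.example.test";

// Default case: no Domain attribute, so each tenant has its own session.
const hostOnly = storeCookie(T1, "auth");
// Weakened case: Domain set to the parent, so every subdomain receives it.
const shared = storeCookie(T1, "auth", "example.test");
// Rejected case: tenant1 tries to scope a cookie to tenant2.
const foreign = storeCookie(T1, "auth", T2);

console.log("host-only ->", isSentTo(hostOnly, T1), isSentTo(hostOnly, T2));
console.log("parent-scoped ->", isSentTo(shared, T1), isSentTo(shared, T2));
console.log("cross-tenant set accepted?", foreign !== null);
```

When reviewing a multi-tenant deployment on subdomains, the second case is the one to look for: an authentication cookie carrying a parent `Domain` attribute is presented to every tenant host.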

mithang commented 1 week ago

@sbwalker I need to develop APIs (sign in, sign up, and survey) for each tenant with Oqtane as the backend and ReactJS as the frontend. For example:

sbwalker commented 1 week ago

@mithang Oqtane is a client/server application - so it does have a distinct back-end that can be used as a headless API. That being said, the tagline for Oqtane is "A CMS and Application Framework for Blazor and .NET MAUI". I am highlighting this because if you use Blazor as your front-end technology in Oqtane, you get a lot of productivity benefits. For example, all of the front-end state containers such as SiteState, PageState, and ModuleState are provided via Blazor UI concepts such as cascading parameters and scoped services. These state containers provide access to key information such as the current tenant/site, current user, etc. If you want to write a native ReactJS front-end you will need to create equivalent concepts in JavaScript, which is certainly possible, but will require a substantial amount of work. Perhaps there are Oqtane community members who are willing to assist with this effort (you can ask in the Discussions area); however, since it is not aligned with the general goals for the open source project, I will not be able to spend any time on it myself.

mithang commented 1 week ago

I only need to write 3 APIs for sign in, sign up, and survey for the tenants, while the backend and frontend will still use Oqtane. The frontend using ReactJS will be a separate landing page for the survey running independently for a marketing campaign. @sbwalker

sbwalker commented 1 week ago

Oqtane already includes a full security implementation which allows users to login/logout. It also supports anonymous user registration (signup) including the ability to define user profile fields. And in regards to survey functionality you might want to look at https://github.com/oqtane/Oqtane.Survey. I do not understand the need to use ReactJS at all. Just use Oqtane in Static render mode to create your landing page. Don't make things more difficult than necessary.