Config per Tenant - Githubissues

Hi all,

We have a different use case concerning authentication. Each Tenant would be set up manually for our product, and thus we would configure them.

Specifically, in regards to authentication, we use ORY Kratos. Each of our Tenants get their own ORY Kratos instance. This is due to the design of Kratos. The problem here is that each Tenant has their own login redirect URL, secret keys, etc.

The question is, how would one go about solving this issue?

I will give you our current outlook.

We plan on storing the configuration in a key store. When a Tenant visits [tenant].app.company.com we would get their Tenant ID from the URL, and fetch the configuration behind the scenes for that Tenant injecting it into each page (the non-sensitive values). We would also fetch this configuration on certain API endpoints (the sensitive values).

Now, I can see some issues with this approach. 1. Caching this sensitive data isn't going to be easy, and will result in a call every time. 2. The configuration would be available at the page level (we're using old routing right now) and thus each hook, etc. Therefore, for example, a RQ hook would need to accept, for example the Tenant ORY Kratos redirect URL as a parameter. This would mean page level configuration would be passed around in a, potentially unmaintainable way. 3. We have API routes that need this sensitive configuration, and therefore, every time an API endpoint is called we would have to request the config again!

There are plenty of issues with the approach I have outlined above.

So, has anyone seen a maintainable approach to this problem? Any solutions for the above issue? Any ideas would be appreciated.

vercel / platforms

Config per Tenant #285