2

I'm building a multi-tenant cloud application and actually I need a bit of help to solve a situation about the login.

My app is a web scheduler. It allows each customer to have a certain location in which to store appointments; the location is the database of my customer (buyer).

Each buyer can have multiple locations, so I'll create a database for each location (1 location = 1 license). Up to here there is no problem; I can handle the situation correctly.

What I'm trying to do is create a login panel for each buyer; note that the buyer also has operators, secretaries and his customers. So the location database will store all the credentials of all workers and customers of this location.

Now the first problem requires the database connection for each tenant. Imagine that my buyer enters his credentials in my app; a practical example is better:

USERNAME: Foo
PASSWORD: bar

I need to recover the correct database connection for this tenant. My idea is to insert an access token (a license, for example) in an XML file, so imagine this structure:

<licenses>
    <license>
        <token>#dfpeFHTd93GHa9x$3d+Asòd3</token>
        <connection>
            <host>localhost</host>
            <username>foo</username>
            <password>foo</password>
            <dbname>appname_buyerid_locationid</dbname>
        </connection>
    </license>
    <license>
        <token>3dòsA+d3$x9aHG39dTHFepfd#</token>
        <connection>
            <host>localhost</host>
            <username>foo</username>
            <password>foo</password>
            <dbname>appname_buyerid_locationid</dbname>
        </connection>
    </license>
</licenses>

As you can see, I have a list of licenses. When the user enters his credentials in my system, my app needs to retrieve the DB connection associated with this user, so it starts to iterate through each license in my XML file and gets the connection associated with the token.

Now the main problem in this logic is the token, 'cause I've no idea how to assign this token to my buyer and his workers and customers.

So essentially, as with a REST API request, the trace (in this case the login) should be associated with a token along with the credentials of the user; the token is a license or something like that which recognizes the location.

I need to assign this token somewhere in the endpoint to recognize my buyer, but I have no idea where, so I need help here. Maybe someone sees something that I can't see, or maybe has another, more powerful logic that is better than mine.

For any questions or details, please don't hesitate to ask.

Thanks.

AgainMe

1 Answer

1

If you rely solely on the username to find the correct customer, then usernames are forced to be unique across all customers, which may be problematic.

I would suggest that the login form have a pull-down list of customers, in addition to the username and password. (You could then have a second select list of locations for that customer, if needed).

You could store a persistent cookie identifying the customer, and use that to pre-select the customer on the next visit.

An alternative would be to give each customer a custom URL: https://tomsbakery.scheduler.com/login.

Mike Kantor
  • Yes, I have also thought of a different endpoint per user, but I don't like this idea very much. Maybe I need to leave everything as is, with a shared database that contains all my buyers, workers and customers of all locations. This, of course, is also not the best idea. – AgainMe Jan 19 '17 at 16:52
  • A separate endpoint per USER is not a good idea, but per CUSTOMER might make sense (you mentioned that each customer has multiple users who can log in). – Mike Kantor Jan 19 '17 at 17:00
  • Yes, but there is another factor to keep in mind: a user could buy a service at another location of the same admin (for me, the buyer), so separating this logic would remove the feature of having the customer credentials in one place, independent of the location where the user logged in. – AgainMe Jan 19 '17 at 17:25
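
One way to implement the per-customer URL suggested in the answer, as an added example that is not part of the original posts: the subdomain of the request's Host header selects the tenant's connection from a registry shaped like the question's XML. The `slug` attribute, `BASE_DOMAIN`, the function names and the registry contents are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

BASE_DOMAIN = "scheduler.example"  # assumption: stands in for the app's real domain

# Constructed registry: same shape as the question's XML, but keyed by a
# tenant slug (the subdomain) instead of a token. All values are placeholders.
REGISTRY_XML = """
<licenses>
  <license slug="tomsbakery">
    <connection><host>localhost</host><dbname>appname_1_1</dbname></connection>
  </license>
  <license slug="annasalon">
    <connection><host>localhost</host><dbname>appname_2_1</dbname></connection>
  </license>
</licenses>
"""

# A single DNS label: letters, digits and inner hyphens only.
SLUG_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def load_registry(xml_text):
    """Parse the registry once at startup into {slug: connection dict}."""
    registry = {}
    for lic in ET.fromstring(xml_text).iter("license"):
        conn = lic.find("connection")
        registry[lic.get("slug")] = {child.tag: child.text for child in conn}
    return registry


def resolve_tenant(host_header, registry):
    """Map a Host header to a connection dict, or None if it is not a known tenant.

    The Host header is client-controlled, so it is used only as a lookup key
    into the registry and is never interpolated into a database name.
    """
    # Normalise case, drop an optional port and a trailing root dot.
    host = host_header.strip().lower().partition(":")[0].rstrip(".")
    suffix = "." + BASE_DOMAIN
    if not host.endswith(suffix):
        return None  # foreign domain, or the bare base domain
    slug = host[: -len(suffix)]
    if not SLUG_RE.fullmatch(slug):
        return None  # nested labels, empty slug, path characters
    return registry.get(slug)  # unknown slugs fall through to None
```

The username and password are then checked only against the database that `resolve_tenant` returned, so usernames need to be unique only within one tenant.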