What are the ways to log in to multiple applications?
-
Hi,
I would like to create multiple applications; each application represents a company. A user should be able to have an account on multiple applications (multiple companies). Note: the applications are an SPA and one mobile application (Flutter).
First question, is the design OK so far? Like having an application per company.
I already know (with the FusionAuth API) how to register to multiple applications (multiple API calls).
The real shadowed part here is how to log in to multiple applications. In fact, the login API requires one applicationId parameter. Before the API login request, I fetch from my datasource the application the user is in (it will be an array later I guess), then pass it to the /api/login endpoint. It returns a refresh_token and an access_token. So far, so good.
When dealing with multiple applications, I don't really see how to manage all these login API responses. Would I have to manage n number of access_token/refresh_token pairs? I'd prefer the user to log in only once and then he could access all the different FusionAuth applications. So I guess it's the best design, but it's annoying to manage this n token complexity.
Is there a better way to achieve this?
Thanks in advance,
Romain.
-
Hiya,
I think the best path forward would be for you to use the populate JWT lambda.
In that you can examine the user, their registrations to various FusionAuth applications, and modify the delivered JWT. So you could iterate the registrations and build a JWT claim called supportedApps with a list of your apps. You'd have to keep all the lambdas in sync across every application, but luckily you can do so with the FusionAuth API.
Then in any APIs your SPA or native apps call, they can look at the supportedApps claim. If the API supports that company, it can respond.
I'm not sure exactly why you are separating these companies out as FusionAuth applications if one login gets you access to all of them, though. You could map this within one application using roles too, which is a different set of tradeoffs.
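The approach from the answer above, sketched as an added example (not code from the thread or from FusionAuth): a JWT populate lambda that builds the supportedApps claim from the user's registrations, and the check an API would run against it. The helper name isCompanyAllowed, the sample user and the application IDs are assumptions made up for illustration, and the check assumes the token's signature, expiry and issuer were verified before the claims reach it.

```javascript
// JWT populate lambda in the form FusionAuth calls it: populate(jwt, user, registration).
// ES5 syntax is used so it also runs on older lambda engines.
function populate(jwt, user, registration) {
  var apps = [];
  var regs = (user && user.registrations) || [];
  for (var i = 0; i < regs.length; i++) {
    var id = regs[i].applicationId;
    if (id && apps.indexOf(id) === -1) {
      apps.push(id); // one entry per application, duplicates dropped
    }
  }
  jwt.supportedApps = apps; // claim name taken from the answer above
}

// Hypothetical API-side check (the name is an assumption, not a FusionAuth API).
// `claims` must come from a token that has already been verified.
// Fails closed: a missing or malformed claim grants nothing. The Array.isArray
// guard matters because indexOf on a string claim would do a substring match.
function isCompanyAllowed(claims, companyAppId) {
  if (!claims || !Array.isArray(claims.supportedApps)) {
    return false;
  }
  if (typeof companyAppId !== 'string' || companyAppId === '') {
    return false;
  }
  return claims.supportedApps.indexOf(companyAppId) !== -1;
}

// Constructed sample data: these IDs are made up for illustration.
var COMPANY_A = '11111111-1111-1111-1111-111111111111';
var COMPANY_B = '22222222-2222-2222-2222-222222222222';
var COMPANY_C = '33333333-3333-3333-3333-333333333333';

var sampleUser = {
  id: '00000000-0000-0000-0000-000000000001',
  registrations: [
    { applicationId: COMPANY_A },
    { applicationId: COMPANY_B },
    { applicationId: COMPANY_A } // duplicate, should appear once in the claim
  ]
};

// Builds the claims a login for sampleUser would carry after the lambda runs.
function demoClaims() {
  var jwt = { sub: sampleUser.id };
  populate(jwt, sampleUser, sampleUser.registrations[0]);
  return jwt;
}
```

The claim reflects the registrations at the moment the token was issued, so a registration removed afterwards stays in supportedApps until that access token expires.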