We’re running a multi-tenant web app, where each tenant accesses their environment via their own subdomain, similar to how Slack does that, like my-company.our-webapp.com for example.
Technically each subdomain is a dedicated application server connected to a dedicated database per tenant. The database stores all the users and they authenticate (login) directly on that dedicated application server.
The REST API is exposed at (www.)our-webapp.com/api/vx.x.x/tenant_id/yyyyy/…, where our API backend knows which backend database to connect to, based on the yyyyy for the tenant_id in the API URL.
My question is this: what would be the best practice in such a setup for Hydra?
I’ve read somewhere that it is not advised to have a single Hydra instance for all tenants, so then it would be a Hydra instance per tenant? Is this really the best practice? Because I feel that would be quite a bit of overhead.
On the other hand, if we’d just have a single Hydra instance, could we make it work properly, in a sense that the URL for the consent app would likely have to be something like my-company.our-webapp.com/consent?.…, where the subdomain part (‘my-company’) would have to somehow be dynamic?
I’m a bit at a loss trying to wrap my head around all the parts involved in a Hydra integration in a scenario as described above and whether it’s doable at all.
I did read up on the upcoming changes to the consent flow in https://github.com/ory/hydra/issues/772, but I'm not sure whether those changes would help my case, make it harder or make no difference at all.
Hoping someone can shed some light on this,