Multitenancy

Tenants and users are very important entities in oeCloud.io. Though tenant is not ‘hardcoded’ entity, out of box oeCloud.io implement ‘Tenant’. So you will find ‘Tenant’ model when you get oeCloud.io.

In this example, we will demonstrate

  • how we can configure two tenants and users in each tenant.

What you will build

  • You will create two tenants
  • you will create two users. One each for a tenant
  • you will login as different tenant user.

What you’ll need

  • You should have Node and NPM installed.
  • mod headers extension installed on google chrome.You can get it here

How to start with this guide

You can start from scratch and complete each step, or you can bypass basic setup steps that are already familiar to you. To start from the scratch go to Getting Started

Getting Started ( Seperate database for model for seperate Tenant )

1. Prepare data

Product Model

  • We will be using given model comes up with application which is Product model.

Product Model

{
    "name": "Product",
    "base": "BaseEntity",
    "strict": false,
    "plural": "Products",
    "idInjection": true,
    "options": {
        "validateUpsert": true
    },
    "properties": {
        "code": {
            "type": "string",
            "source": "code",
            "required": true
        },
        "name": {
            "type": "string",
            "source": "name",
            "required": true
        },
        "category": {
            "type": "string",
            "source": "category"
        }
        ... other properties
    }
    ...
}

Tenants and Users

  • By default, user’s tenant information is taken from logged in user.
  • Once application is started, login to application with user name/password as admin/admin.
  • Create two tenants. One is icici and other is citi.

Creating ICICI Tenant

  • As a admin user post following data into tenant (POST /api/Tenants)
{
  "tenantId": "icici",
  "tenantName": "icici",
  "id": "icici"
}

Creating CITI tenant

  • As a admin user post following data into tenant (POST /api/Tenants)
{
  "tenantId": "citi",
  "tenantName": "citi",
  "id": "citi"
}

Switch Tenant

  • This is functionality only accessible to super user(ie admin user). With this functionality, admin user can behaves like tenant user of specific tenant.
  • Since you want to create user for tenant ICICI, you need to be ICICI tenant user to create new user. To become ICICI tenant user, you need to switch to icici tenant.

Creating Tenant User

  • In swagger UI explorer (or any other method), POST api/BaseUsers/switch-tenant and set tenantId to icici while posting.
  • Post following data to BaseUser model to create icici user.

Icici user creation

{
"username":"iciciuser",
"password":"icici",
"email":"iciciuser@icici.com"
}
  • In swagger UI explorer (or any other method), POST /BaseUsers/switch-tenant and set tenantId to citi while posting.
  • Post following data to BaseUser model to create citi user.

citi user creation

{
"username":"citiuser",
"password":"citi",
"email":"citiuser@citi.com"
}

2. Tenant Users in action

  • Now since data is papared, we will see how we can login as icici user.
  • You should set tenant_id to icici using Mod header (Modify header extension of your browser).
  • It is important to clear cookies of the application. If you have access_token set in cookie, it will override what you send over header.
  • Post following data to /api/BaseUser/login API
{
"username": "iciciuser",
"password" : "iciciuser"
}
  • you should get response like below
{
  "tenantId": "icici",
  "roles": [],
  "username": "iciciuser",
  "userTenantId": "icici",
  "id": "TDArj66ep51FHi1OYI3vifXNEj0BO0hCGqOC8RB43W1hHcu1ua6u8BHZI9MYL5XC",
  "ttl": 1209600,
  "created": "2017-01-13T06:47:12.604Z",
  "userId": "5875f8e1af3f8d3432984633"
}
  • “id”: “TDArj66ep51FHi1OYI3vifXNEj0BO0hCGqOC8RB43W1hHcu1ua6u8BHZI9MYL5XC”, this information is vary important. This is called access_token.
  • oeCloud.io identifies user based on access_token. For every request this token must be passed.
  • Swagger UI (/explorer) passes this token in every request as part of URL ?access_token=TDArj66ep51FHi1OYI3vifXNEj0BO0hCGqOC8RB43W1hHcu1ua6u8BHZI9MYL5XC
  • Application may pass access token either in URL or part of coockie with same name.
  • you can login as citi user by first setting tenant_id to ‘citi’ in request headers and then accessing /api/BaseUsers/login method and POST username/password as JSON data.
  • When you are using Swagger UI, set access token using top-right text box available so that all subsequent requests will pass access_token in URL

Some internal details

  • access_token is nothing but AuthSession table’s(or collection in MongoDB’s term) primary key.
  • AuthSession is represented as loopback Model.
  • Authsession model has got other information like tenant_id, username, ttl (time to live), roles of users etc.
  • All this information is available in callContext of every request. (options field dao)
  • If you want to add application specific information in context - when user login, you should add ‘before save’ hook on ‘AuthSession’ and add information.
  • This context is available throughout the web request.

Summary

  • This guide is very important as it will be refered at verious places.
  • You should see scope fields in BaseUser model in database to set to icici or citi depending on tenant.
  • access token is storedin AuthSession model along with tenant_id. For every request this will be varified.
  • After login as iciciuser or citiuser, you can create users for your tenants.