# support-questions


06/12/2021, 6:07 PM
Hi. I’m using SuperTokens in my project. Currently I have a NodeJS backend which connects to the SuperTokens auth core (I use session and emaipassword recipes). In addition I have a React app talking with the backend (with custom forms). Now I need to add another frontend react app (other domain). I want to have a group of new users who can only log in to the new app (they should not be able to log in to the current app). Have you got any suggestions how can I handle this situation with supertokens? I was thinking about creating user roles. How could I then add info about which app is the user logging in from? And also is it possible to reject the log in when the user does not have a certain role (without creating a custom endpoint)?