Hi, I'm looking for info as I have to choose between cookie based/jwt login. But I cannot find right documentation. I have a multitenant, microservice ecosystem, with multiple (web) frontend apps and multiple apis. Once I login in a single frontend app, I must be authenticated in all frontend apps. I have a dedicated supertokens backend microservice (with core hosted internally) where I actually do authentication. No user is shared between different tenant. I cannot use (and I do not want to do it) supertokens SDK in all my backend microservices exposing api (they are a lot, in many different languages). What's the correct choice?

Hey @edubacco

everything shares the same base domain

Im good. Thanks! How r u?

exactly, per single tenant (we have no shared users in different tenants)

I’m not sure why you mean by per single tenant here

so if a user wants to login to another tenant, it has to register to that tenant before, and it has to do two logins

And each tenant has its own frontend sub domain?

because tenant = customer, and I cannot say to one of my customer "hey, you will inherit users from a different customer"

Right. So a user logs into a sub domain, and they should remain logged into that sub domain, and only that sub domain?

it should remain logged into every sub domain of the tenant (we have multiple frontend apps)

So a tenant can have specific sub domains, whilst another tenant can have other specific sub domains?

exactly

Okay.

ah yes, that's the point. They are shared

So you want to see this: https://supertokens.com/docs/session/common-customizations/sessions/share-sessions-across-sub-domains

I can have dedicate domains (one per tenant) for ST backend if needed

Not needed

not a big problem at the moment

No no

ok

Cookies should be fine

and using cookies, how my backend api authenticate the user?

Just regular JWT verification

yep, got it