Hi Rishabh (@rp), we were looking for managed auth solutions for our gig, tamarind.ai, and we are going ahead with SuperTokens for its quick setup and supercool documentation.
I have the following queries:
We are building a B2B solution and we need to take businessId along with the username/password for authenticating the user. I went through the documentation and think this is how I could approach the problem:
1. Customise the sign-up and sign-in forms to add a businessId form field.
2. In the back-end, add pre-signup and pre-signin hooks to intercept the request.
3. The pre-signup and pre-signin hooks check if businessId is valid from our app DB; if not, they return an error message.
4. Add a post-signup hook and persist the user ID, businessId and role in a business_user table in our DB.
5. Add a post-signin hook and validate that businessId in the request has the user signed in; if not, throw an error, as the user is trying to access resources of another business.
6. Use a JWT and add businessId in the claims (we need businessId for API queries; instead of a DB query on the business_user table every time, I think we can leverage JWTs).
Is this approach looking good?
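
An added example, not part of the original post and not SuperTokens code: a generic HS256 JWT sketch in Node.js showing the checks behind steps 5 and 6, where businessId is read only from a verified signed claim and compared with the business a request targets. `SECRET`, `issueToken`, `verifyToken` and `authorize` are hypothetical names, and all values are constructed.

```javascript
// Generic JWT handling with Node's built-in crypto; not the SuperTokens API.
const { createHmac, timingSafeEqual } = require("crypto");

const SECRET = "constructed-demo-secret"; // constructed; load from a secret store in practice

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const sign = (data) => createHmac("sha256", SECRET).update(data).digest();

// Step 6: after sign-in succeeds, put businessId and role into the signed claims.
function issueToken(userId, businessId, role, ttlSeconds = 900) {
  const header = b64url({ alg: "HS256", typ: "JWT" });
  const exp = Math.floor(Date.now() / 1000) + ttlSeconds;
  const payload = b64url({ sub: userId, businessId, role, exp });
  const sig = sign(`${header}.${payload}`).toString("base64url");
  return `${header}.${payload}.${sig}`;
}

// Check signature, algorithm and expiry; return the claims, or null on any failure.
function verifyToken(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = sign(`${header}.${payload}`);
  const given = Buffer.from(sig, "base64url");
  // Constant-time comparison; lengths must match before timingSafeEqual is called.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  try {
    const head = JSON.parse(Buffer.from(header, "base64url").toString());
    if (head.alg !== "HS256") return null; // accept only the algorithm we sign with
    const claims = JSON.parse(Buffer.from(payload, "base64url").toString());
    if (typeof claims.exp !== "number" || claims.exp <= Date.now() / 1000) return null;
    return claims;
  } catch {
    return null;
  }
}

// Per-request check: the business being accessed must equal the signed claim,
// never a businessId taken from the request body or query string alone.
function authorize(token, requestedBusinessId) {
  const claims = verifyToken(token);
  if (!claims) return { ok: false, status: 401, reason: "invalid or expired token" };
  if (claims.businessId !== requestedBusinessId) {
    return { ok: false, status: 403, reason: "cross-business access denied" };
  }
  return { ok: true, status: 200, userId: claims.sub, role: claims.role };
}
```

A claim stays valid until the token expires, so a change to a user's row in business_user only takes effect on the next token; a short lifetime bounds that window.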