11/13/2022, 8:07 AM
Hi Rishabh (@rp), we were looking for managed auth solutions for our gig, and we are going ahead with SuperTokens for its quick setup and supercool documentation. I have the queries below.
We are building a B2B solution and we need to take businessId along with the username/password for authenticating the user. I went through the documentation and think this is how I could approach the problem:
1. Customise sign-up and sign-in forms to add a businessId form field.
2. In the back-end, add pre-signup and pre-signin hooks to intercept the request.
3. The pre-signup and pre-signin hooks check if businessId is valid from our app DB; if not, they return an error message.
4. Add a post-sign-up hook and persist the user ID and businessId, role in a business_user table in our DB.
5. Add a post-sign-in hook and validate that businessId in the request has the user signed in; if not, throw an error as the user is trying to access resources of another business.
6. Use a JWT token and add businessId in the claims (we need businessId for API queries; instead of a DB query on the business_user table every time, I think we can leverage JWT tokens).
Is this approach looking good?


11/13/2022, 8:33 AM
Hey @sahas this looks good. Except that you can’t add an extra form field in the sign in form (but you can on the sign up form). So perhaps ask for the business ID as a separate step before showing the sign in / up form.


11/13/2022, 9:28 AM
Understood, thanks @rp. Will reach out if I need more.