Merge pull request #795 from supertokens/multitenancy-dashboard

fix: changes for multitenancy dashboard
supertokens · Jul 16, 2024 · cc1775f · cc1775f
2 parents 3e1c0ad + f6afdee
commit cc1775f
Show file tree

Hide file tree

Showing 17 changed files with 166 additions and 156 deletions.
diff --git a/v2/emailpassword/common-customizations/multi-tenancy/multi-app.mdx b/v2/emailpassword/common-customizations/multi-tenancy/multi-app.mdx
@@ -35,14 +35,12 @@ In order to create a new app in the SuperTokens core, you can use the following
 <CoreInjector defaultValue="http://localhost:3567" showAppId={false}>
 
 ```bash
-curl --location --request PUT '^{coreInjector_uri_without_quotes}/recipe/multitenancy/app' \
+curl --location --request PUT '^{coreInjector_uri_without_quotes}/recipe/multitenancy/app/v2' \
 --header 'api-key: ^{coreInjector_api_key_without_quotes}' \
 --header 'Content-Type: application/json' \
 --data-raw '{
     "appId": "app1",
-    "thirdPartyEnabled": true,
-    "passwordlessEnabled": true,
-    "emailPasswordEnabled": true,
+    "firstFactors": ["emailpassword", "thirdparty", "otp-email", "otp-phone"]
     "coreConfig": {...}
 }'
 ```
@@ -52,7 +50,16 @@ curl --location --request PUT '^{coreInjector_uri_without_quotes}/recipe/multite
 - The above command will create (or update) an app with the appId of `app1`.
 - It will also create a default tenant for this app with the tenant ID of `public` (i.e. the default tenantId)
 - You can set various core configs for this app (see the config.yaml / docker env var options for your core). The core configs for a new app will inherit from the the configs provided in the config.yaml / docker env (or our edit config dashboard for managed service).
-- By default, all the login methods are enabled for a new app (specifically, the `public` tenant of the new app), but you can pass in `false` to any of the login methods specified above to disable them. 
+- By default, all the login methods are enabled for a new app (specifically, the `public` tenant of the new app), but you can pass in `firstFactors` input to specifically enable selected login methods.
+
+The built-in Factor IDs that can be used for `firstFactors` are:
+- Email password auth: `emailpassword`
+- Social login / enterprise SSO auth: `thirdparty`
+- Passwordless:
+    - With email OTP: `otp-email`
+    - With SMS OTP: `otp-phone`
+    - With email magic link: `link-email`
+    - With SMS magic link: `link-phone`
 
 :::important
 Even if a login method is enabled for a tenant, you will still require to initialise the right recipe on the backend for sign up / in to be possible with that login method. For example, if for a tenant, you have enabled the passwordless login method, but don't use the passwordless (or a combination recipe that has passwordless) on the backend, then end users will not be able to sign up / in using the passwordless APIs cause those APIs won't be exposed via our backend SDK's middleware.

diff --git a/v2/emailpassword/common-customizations/multi-tenancy/new-tenant-config.mdx b/v2/emailpassword/common-customizations/multi-tenancy/new-tenant-config.mdx
@@ -133,7 +133,7 @@ else:
 <CoreInjector defaultValue="http://localhost:3567" showTenantId={false}>
 
 ```bash
-curl --location --request PUT '^{coreInjector_uri_without_quotes}/recipe/multitenancy/tenant' \
+curl --location --request PUT '^{coreInjector_uri_without_quotes}/recipe/multitenancy/tenant/v2' \
 --header 'api-key: ^{coreInjector_api_key_without_quotes}' \
 --header 'Content-Type: application/json' \
 --data-raw '{
@@ -286,7 +286,7 @@ else:
 <CoreInjector defaultValue="http://localhost:3567" showTenantId={false}>
 
 ```bash
-curl --location --request PUT '^{coreInjector_uri_without_quotes}/recipe/multitenancy/tenant' \
+curl --location --request PUT '^{coreInjector_uri_without_quotes}/recipe/multitenancy/tenant/v2' \
 --header 'api-key: ^{coreInjector_api_key_without_quotes}' \
 --header 'Content-Type: application/json' \
 --data-raw '{
@@ -340,9 +340,7 @@ async function getTenant(tenantId: string) {
     } else {
         let coreConfig = resp.coreConfig;
 
-        let isEmailPasswordLoginEnabled = resp.emailPassword.enabled;
-        let isThirdPartyLoginEnabled = resp.thirdParty.enabled;
-        let isPasswordlessLoginEnabled = resp.passwordless.enabled;
+        let firstFactors = resp.firstFactors;
 
         let configuredThirdPartyProviders = resp.thirdParty.providers;
     }
@@ -393,6 +391,7 @@ func main() {
 }
 ```
 
+
 </TabItem>
 <TabItem value="python">
 
@@ -455,14 +454,15 @@ else:
 </TabItem>
 </PythonSyncAsyncSubTabs>
 
+
 </TabItem>
 
 <TabItem value="curl">
 
 <CoreInjector defaultValue="http://localhost:3567" showAppId showTenantId={false}>
 
 ```bash
-curl --location --request GET '^{coreInjector_uri_without_quotes}/customer1/recipe/multitenancy/tenant' \
+curl --location --request GET '^{coreInjector_uri_without_quotes}/customer1/recipe/multitenancy/tenant/v2' \
 --header 'api-key: ^{coreInjector_api_key_without_quotes}' \
 --header 'Content-Type: application/json'
 ```
@@ -482,22 +482,16 @@ Otherwise you will get a `200` status code with the following JSON output:
 ```json
 {
   "status": "OK",
-  "emailPassword": {
-    "enabled": boolean
-  },
   "thirdParty": {
-    "enabled": boolean,
     "providers": [...]
   },
-  "passwordless": {
-    "enabled": boolean
-  },
   "coreConfig": {
 	"email_verification_token_lifetime": 7200000,
 	"password_reset_token_lifetime": 3600000,
 	"postgresql_connection_uri": "postgresql://localhost:5432/db2"
   },
-  "tenantId": "customer1"
+  "tenantId": "customer1",
+  "firstFactors": ["emailpassword", "thirdparty", "otp-email", "otp-phone"],
 }
 ```
 

diff --git a/v2/emailpassword/custom-ui/multitenant-login.mdx b/v2/emailpassword/custom-ui/multitenant-login.mdx
@@ -150,7 +150,7 @@ else:
 <CoreInjector defaultValue="http://localhost:3567" showTenantId={false}>
 
 ```bash
-curl --location --request PUT '^{coreInjector_uri_without_quotes}/recipe/multitenancy/tenant' \
+curl --location --request PUT '^{coreInjector_uri_without_quotes}/recipe/multitenancy/tenant/v2' \
 --header 'api-key: ^{coreInjector_api_key_without_quotes}' \
 --header 'Content-Type: application/json' \
 --data-raw '{

diff --git a/v2/emailpassword/pre-built-ui/multitenant-login.mdx b/v2/emailpassword/pre-built-ui/multitenant-login.mdx
@@ -147,7 +147,7 @@ else:
 <CoreInjector defaultValue="http://localhost:3567" showTenantId={false}>
 
 ```bash
-curl --location --request PUT '^{coreInjector_uri_without_quotes}/recipe/multitenancy/tenant' \
+curl --location --request PUT '^{coreInjector_uri_without_quotes}/recipe/multitenancy/tenant/v2' \
 --header 'api-key: ^{coreInjector_api_key_without_quotes}' \
 --header 'Content-Type: application/json' \
 --data-raw '{

diff --git a/v2/mfa/backend-setup.mdx b/v2/mfa/backend-setup.mdx
@@ -177,8 +177,6 @@ import MultiFactorAuth from "supertokens-node/recipe/multifactorauth"
 
 async function createNewTenant() {
     let resp = await Multitenancy.createOrUpdateTenant("customer1", {
-        emailPasswordEnabled: true,
-        passwordlessEnabled: true,
         firstFactors: [MultiFactorAuth.FactorIds.EMAILPASSWORD]
     });
 
@@ -211,13 +209,11 @@ Coming soon. In the meantime, checkout the [legacy method](./legacy-method/how-i
 <CoreInjector defaultValue="http://localhost:3567" showAppId={false}>
 
 ```bash
-curl --location --request PUT '^{coreInjector_uri_without_quotes}/appid-<APP_ID>/recipe/multitenancy/tenant' \
+curl --location --request PUT '^{coreInjector_uri_without_quotes}/appid-<APP_ID>/recipe/multitenancy/tenant/v2' \
 --header 'api-key: ^{coreInjector_api_key_without_quotes}' \
 --header 'Content-Type: application/json' \
 --data-raw '{
     "tenantId": "customer1",
-    "emailPasswordEnabled": true,
-    "passwordlessEnabled": true,
     "firstFactors": ["emailpassword"]
 }'
 ```
@@ -552,8 +548,6 @@ import MultiFactorAuth from "supertokens-node/recipe/multifactorauth"
 
 async function createNewTenant() {
     let resp = await Multitenancy.createOrUpdateTenant("customer1", {
-        emailPasswordEnabled: true,
-        passwordlessEnabled: true,
         firstFactors: [MultiFactorAuth.FactorIds.EMAILPASSWORD],
         requiredSecondaryFactors: [MultiFactorAuth.FactorIds.OTP_EMAIL]
     });
@@ -587,13 +581,11 @@ Coming soon. In the meantime, checkout the [legacy method](./legacy-method/how-i
 <CoreInjector defaultValue="http://localhost:3567" showAppId={false}>
 
 ```bash
-curl --location --request PUT '^{coreInjector_uri_without_quotes}/appid-<APP_ID>/recipe/multitenancy/tenant' \
+curl --location --request PUT '^{coreInjector_uri_without_quotes}/appid-<APP_ID>/recipe/multitenancy/tenant/v2' \
 --header 'api-key: ^{coreInjector_api_key_without_quotes}' \
 --header 'Content-Type: application/json' \
 --data-raw '{
     "tenantId": "customer1",
-    "emailPasswordEnabled": true,
-    "passwordlessEnabled": true,
     "firstFactors": ["emailpassword"],
     "requiredSecondaryFactors": ["otp-email"]
 }'

diff --git a/v2/multitenancy/list-tenants-and-apps.mdx b/v2/multitenancy/list-tenants-and-apps.mdx
@@ -33,15 +33,19 @@ async function listAllTenants() {
     tenants.forEach(tenant => {
         let coreConfig = tenant.coreConfig;
 
-        let isEmailPasswordLoginEnabled = tenant.emailPassword.enabled;
-        let isThirdPartyLoginEnabled = tenant.thirdParty.enabled;
-        let isPasswordlessLoginEnabled = tenant.passwordless.enabled;
+        let firstFactors = tenant.firstFactors;
 
         let configuredThirdPartyProviders = tenant.thirdParty.providers;
     });
 }
 ```
 
+The value of `firstFactors` can be as follows:
+
+- `undefined`: All login methods are enabled in the core, any auth recipe initialised in the backend SDK will work
+- `[]` (empty array): No login methods are enabled for the tenant
+- a non-empty array: Only the login methods in the array are enabled for the tenant
+
 </TabItem>
 <TabItem value="go">
 
@@ -170,7 +174,7 @@ for tenant in response.tenants:
 <CoreInjector defaultValue="http://localhost:3567" showAppId showTenantId={false}>
 
 ```bash
-curl --location --request GET '^{coreInjector_uri_without_quotes}/recipe/multitenancy/tenant/list' \
+curl --location --request GET '^{coreInjector_uri_without_quotes}/recipe/multitenancy/tenant/list/v2' \
 --header 'api-key: ^{coreInjector_api_key_without_quotes}' \
 --header 'Content-Type: application/json'
 ```
@@ -184,21 +188,22 @@ You will get the following JSON output:
     "status": "OK",
     "tenants": [{
         "tenantId": "customer1",
-        "emailPassword": {
-            "enabled": true
-        },
         "thirdParty": {
-            "enabled": true,
             "providers": [...]
         },
-        "passwordless": {
-            "enabled": true
-        },
-        "coreConfig": {...}
+        "coreConfig": {...},
+        "firstFactors": [...]
     }]
 }
 ```
 
+The value of `firstFactors` can be as follows:
+
+- `undefined`: All login methods are enabled in the core, any auth recipe initialised in the backend SDK will work
+- `[]` (empty array): No login methods are enabled for the tenant
+- a non-empty array: Only the login methods in the array are enabled for the tenant
+
+
 </TabItem>
 
 </BackendSDKTabs>
@@ -210,7 +215,7 @@ This can only be done via a cURL command. There is no helper function for this i
 <CoreInjector defaultValue="http://localhost:3567" showAppId showTenantId={false} showAppId={false}>
 
 ```bash
-curl --location --request GET '^{coreInjector_uri_without_quotes}/recipe/multitenancy/app/list' \
+curl --location --request GET '^{coreInjector_uri_without_quotes}/recipe/multitenancy/app/list/v2' \
 --header 'api-key: ^{coreInjector_api_key_without_quotes}' \
 --header 'Content-Type: application/json'
 ```
@@ -226,17 +231,11 @@ You will get the following JSON output:
         "appId": "app1",
         "tenants": [{
             "tenantId": "customer1",
-            "emailPassword": {
-                "enabled": true
-            },
             "thirdParty": {
-                "enabled": true,
                 "providers": [...]
             },
-            "passwordless": {
-                "enabled": true
-            },
-            "coreConfig": {...}
+            "coreConfig": {...},
+            "firstFactors": [...]
         }]
     }]
 }

diff --git a/v2/multitenancy/new-app.mdx b/v2/multitenancy/new-app.mdx
@@ -34,14 +34,12 @@ In order to create a new app in the SuperTokens core, you can use the following
 <CoreInjector defaultValue="http://localhost:3567" showAppId={false}>
 
 ```bash
-curl --location --request PUT '^{coreInjector_uri_without_quotes}/recipe/multitenancy/app' \
+curl --location --request PUT '^{coreInjector_uri_without_quotes}/recipe/multitenancy/app/v2' \
 --header 'api-key: ^{coreInjector_api_key_without_quotes}' \
 --header 'Content-Type: application/json' \
 --data-raw '{
     "appId": "app1",
-    "thirdPartyEnabled": true,
-    "passwordlessEnabled": true,
-    "emailPasswordEnabled": true,
+    "firstFactors": ["emailpassword", "thirdparty", "otp-email", "otp-phone"]
     "coreConfig": {...}
 }'
 ```
@@ -51,7 +49,16 @@ curl --location --request PUT '^{coreInjector_uri_without_quotes}/recipe/multite
 - The above command will create (or update) an app with the appId of `app1`.
 - It will also create a default tenant for this app with the tenant ID of `public` (i.e. the default tenantId)
 - You can set various core configs for this app (see the config.yaml / docker env var options for your core). The core configs for a new app will inherit from the the configs provided in the config.yaml / docker env (or our edit config dashboard for managed service).
-- By default, all the login methods are enabled for a new app (specifically, the `public` tenant of the new app), but you can pass in `false` to any of the login methods specified above to disable them. 
+- By default, all the login methods are enabled for a new app (specifically, the `public` tenant of the new app), but you can pass in `firstFactors` input to specifically enable selected login methods.
+
+The built-in Factor IDs that can be used for `firstFactors` are:
+- Email password auth: `emailpassword`
+- Social login / enterprise SSO auth: `thirdparty`
+- Passwordless:
+    - With email OTP: `otp-email`
+    - With SMS OTP: `otp-phone`
+    - With email magic link: `link-email`
+    - With SMS magic link: `link-phone`
 
 :::important
 Even if a login method is enabled for a tenant, you will still require to initialise the right recipe on the backend for sign up / in to be possible with that login method. For example, if for a tenant, you have enabled the passwordless login method, but don't use the passwordless (or a combination recipe that has passwordless) on the backend, then end users will not be able to sign up / in using the passwordless APIs cause those APIs won't be exposed via our backend SDK's middleware.