I'm trying to build a multi-tenant application using Stormpath. The stack being used is Angular + Express. I'm using the 'Directory-per-Organization' strategy to organize my multi-tenant accounts. My Login form has a 'Organization ID' form field for user to specify the organization’s nameKey.
Is there a specific format in which this field needs to be passed to the stormpath-express backend? Stormpath-Angular SDK has no mention of this. Assuming there is no specific format, I tried adding a preLoginHandler on the stormpath-express side to retrieve the org Id form field mentioned above and set a {accountStore : {nameKey : myOrgNameKey }} on the request body. This however does not authenticate against the specified organization. Instead, it tries to match against all the organizations mapped to the application. I tested this my typing in invalid random strings for Org ID field.
As an aside, Stormpath’s site (api.stormpath.com/login) too does not seem to authenticate against the specified tenant Key. As long as the username and password credentials are fine, I can type in any string in the tenant field and it seems to log me in fine.
I want the username-password credentials to be checked only against the specified organization key and not against all the organizations mapped to the application. How do I go about this ?