Devices are organized in the Identity Store service by the owner ID retrieved from the JWT token. The plgd API uses this value to identify the user and grants permissions only to the devices that user owns. By default, the JWT claim sub is used as the owner ID. If you connect the plgd authorization service with Auth0, each logged-in user can access only their own devices. This behaviour can be changed by setting the OWNER_CLAIM configuration property and adding a custom claim to your Auth0 users.
How to use custom claim with Auth0
Assign claim to user
Go to Users & Roles
Find your user and edit their details
Extend the user_metadata with a custom claim, e.g.
Assign wildcard permission to your service client
Go to Applications
Edit your Machine to Machine application
Open Advanced Settings, switch to Application Metadata and add the entry:
Include custom claim to access token
Go to Rules and create a new one
Copy and paste the function below, which uses the custom claim https://plgd.dev/tenant
After the rule is created, Auth0 includes the custom claim https://plgd.dev/tenant in every access token; this claim is used to group users and "their" devices. When a custom OWNER_CLAIM is configured, devices are no longer owned by a single user but by the tenant. Each user who is a member of tenant A will be able to access all devices of that tenant.
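An Auth0 rule of the kind the steps above describe, written here as an added example rather than the rule from the original page; it assumes the tenant is stored under user_metadata.tenant and that OWNER_CLAIM is set to https://plgd.dev/tenant.

```javascript
// Added example, not the rule from the plgd docs: an Auth0 Rule that copies
// the tenant stored in user_metadata into the access token as the namespaced
// claim https://plgd.dev/tenant, the value plgd groups devices by when
// OWNER_CLAIM is set to that claim. The user_metadata key "tenant" is an
// assumption. Auth0 drops custom claims that are not namespaced with a URL,
// so the URL-style claim name is required, not cosmetic. In the Auth0 editor
// the rule is the anonymous `function (user, context, callback) { ... }`;
// it is named here so it can be exercised directly.
const TENANT_CLAIM = 'https://plgd.dev/tenant';
// UnauthorizedError exists as a global only inside the Auth0 rule sandbox.
const Unauthorized = typeof UnauthorizedError === 'function' ? UnauthorizedError : Error;

function addTenantClaim(user, context, callback) {
  const tenant = (user.user_metadata || {}).tenant;

  // Fail closed: without a tenant the token would carry no owner claim and
  // plgd could not map it to any device group, so refuse to issue the token.
  if (typeof tenant !== 'string' || tenant.trim() === '') {
    return callback(new Unauthorized('user has no tenant assigned'));
  }

  context.accessToken[TENANT_CLAIM] = tenant;
  context.idToken[TENANT_CLAIM] = tenant; // optional, convenient for a web UI
  return callback(null, user, context);
}

// Runs the rule against a constructed user and returns the outcome so the
// effect on the token can be inspected outside Auth0.
function runRule(userMetadata) {
  const user = { user_id: 'auth0|example', user_metadata: userMetadata };
  const context = { accessToken: {}, idToken: {} };
  let result = null;
  addTenantClaim(user, context, (err, u, ctx) => {
    result = err ? { error: err.message } : { claim: ctx.accessToken[TENANT_CLAIM] };
  });
  return result;
}
```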