Just getting into multi-tenancy and the Ash support for it. My schema looks like:
Organisation (global, tenant entity)
Identity (global) —(has many)—> User (tenant)
User (tenant) —(has many)—> Project (tenant)
Token (global)
So if a User has a record, it means the Identity belongs to the same Organisation as the User record. Authentication is performed for Identity.
Is this reasonable so far?
Now I want to add the API key strategy. But the assumptions are based on a uni-tenant configuration, it seems, adding another strategy to what my schema calls Identity now. But I need the API keys to be associated to an organisation as well, so they need to work for User.
Can I just enable extensions: [AshAuthentication] for User? Of course I tried, but Ash complains:
** (Spark.Error.DslError) authentication -> tokens -> enabled?:
The `:api_key` authentication strategy requires tokens be enabled.
But “tokens” means JWT tokens, no?
What is the recommended approach here? Or is there a flaw in my foundation?
Thanks again to the Ash team for the amazing work! ![]()






















