Does Multitenancy add on support REST API addon?

Does generic REST API by default support Multitenancy addon ? If no how can I add this feature ?

Yes, multi-tenancy and REST API should work together. If you have any specific problems with it, please describe them in details.

It seems like it doesn’t work together. Because when I got a token from specific tenant user, it returns all data without depending on such tenant data.

# 'jb_vision' client authorization configurations
spring.security.oauth2.authorizationserver.client.my_client.registration.client-id=my_client
spring.security.oauth2.authorizationserver.client.my_client.registration.client-secret={noop}secret
spring.security.oauth2.authorizationserver.client.my_client.registration.client-authentication_methods=client_secret_basic
spring.security.oauth2.authorizationserver.client.my_client.registration.authorization-grant-types=client_credentials,authorization_code,refresh_token
spring.security.oauth2.authorizationserver.client.my_client.registration.redirect-uris=https://oauthdebugger.com/debug
spring.security.oauth2.authorizationserver.client.my_client.token.access-token-format=reference
spring.security.oauth2.authorizationserver.client.my_client.token.access-token-time-to-live=2d
spring.security.oauth2.authorizationserver.client.my_client.token.refresh-token-time-to-live=30d
spring.security.oauth2.authorizationserver.client.my_client.require-proof-key=false
jmix.authserver.client.my_client.client-id = my_client
jmix.authserver.client.my_client.resource-roles = system-full-access

Here is example of my authorization configurations. But result is:
image
Tenants are different in above attached picture.

The request of getting access token:

curl --location 'https://bot3.smartbox.uz/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic somethingencodedclientidandsecrets' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'redirect_uri=https://oauthdebugger.com/debug' \
--data-urlencode 'code=tTG7HlaN-WpuJWZOA2wY28VOjKc2-PQTDjsDg_Ioe-H6E9nq9HnIZw8f67tLLEcUUKvEPsQt4aZi_cvKkrxyq5kpkz8WD2Gh58M-FkZZ8MsK_dTBLlTRnJehFyTPmq2T'

I’m sure for logging in through specific tenant user!..

How can I solve the problem?

What does the /api/vision/branches endpoint do? It’s not a generic REST API endpoint provided by Jmix. How do you load data inside the controller of this endpoint?

Simply through dataManager like:

 public List<Department> getAllDepartments() {
     return dataManager.load(Department.class).all().list();
 }

In addition, tenantProvider returns no_tenant. In previous JMIX versions and CUBA platform it returns tenantId for logged in user when I request to /oauth/token endpoint and simply I can got data for such tenantId.

Thank you for the explanation. I was able to reproduce the problem. Here is the GitHub issue.