auth-cli login doesnt respect tenant

[trondhindenes]

When doing auth0 login --tenant mytenant-dev.eu.auth0.com there's no guarantee that that is the tenant I will be authenticated against - it seems to be completely random if I have access to multiple tenants in my browser.

I would expect the login command to fail if I end up authenticated to a different tenant than specified - the current functionality is almost a security risk.

I've posted a couple of other issues regarding auth0-cli usage in a multi-tenant situation and I'm afraid the cli is not usable in it's current form for us because of these issues.

[Widcket]

Hi @trondhindenes, thanks for raising this. When logging in to the CLI, you can select the tenant from the dropdown on the Universal Login page. The --tenant global flag has the purpose of picking a particular tenant among the ones you're currently logged in (to perform a particular operation), not picking the one to log in to.

I agree this flag should not be available on the login command.

[trondhindenes]

thanks. From what I can see, I need to ensure that my browser is logged out from any auth0 sessions beofre running auth0 login to be able to be promted for the correct tenant. If i'm already logged in to a tenant, the auth0 cli just assumes that's the one I want to use. It's not very user-friendly for customers with multiple tenants.