Authentication Overview

An overview of supported authentication methods supported by WunderGraph.

Cookie-Based Authentication is the best possible authentication flow to be used with a web-based application. The WunderGraph Server acts as a Token Handler in this case. The whole flow is handled server-side, on the WunderGraph server, meaning that an auth code is obtained via the browser but exchanged via the secure back-channel (server-to-server).

Once the Authentication flow is complete, a secure encrypted cookie is set, which keeps the user logged in.

OpenID Connect

Authenticate using OIDC.

Auth0

Authenticate using Auth0.

GitHub

Authenticate using GitHub.

Google

Authenticate using Google.

Keycloak

Authenticate using Keycloak.

Token-based Auth

Token-Based Authentication is very flexible and gives you a lot of different ways of authenticating client against your WunderGraph applications. This way, you're able to use WunderGraph with code- or device flows. The responsibility to obtain an access token in this scenario is on the client itself.

Authentication Overview

OpenID Connect

Auth0

GitHub

Google

Keycloak

Token-based Auth

OpenID Connect JWKS

Auth.js (NextAuth)

Clerk.com

Cookie-based Auth a { text-decoration: none; } a:hover { opacity: 1; }

Token-based Auth a { text-decoration: none; } a:hover { opacity: 1; }

Cookie-based Auth

Token-based Auth