Authentication Overview

An overview of supported authentication methods supported by WunderGraph.

Cookie-Based Authentication is the best possible authentication flow to be used with a web-based application. The WunderGraph Server acts as a Token Handler in this case. The whole flow is handled server-side, on the WunderGraph server, meaning that an auth code is obtained via the browser but exchanged via the secure back-channel (server-to-server).

Once the Authentication flow is complete, a secure encrypted cookie is set, which keeps the user logged in.

OpenID Connect

Authenticate using OIDC.


Authenticate using Auth0.


Authenticate using GitHub.


Authenticate using Google.


Authenticate using Keycloak.

Token-based Auth

Token-Based Authentication is very flexible and gives you a lot of different ways of authenticating client against your WunderGraph applications. This way, you're able to use WunderGraph with code- or device flows. The responsibility to obtain an access token in this scenario is on the client itself.

OpenID Connect JWKS

Authenticate using JSON Web Key Sets.

Auth.js (NextAuth)

Authenticate using Auth.js.

Authenticate using

Was this article helpful to you?
Provide feedback

Edit this page