Token-Based Authentication is very flexible and gives you a lot of different ways of authenticating clients against your WunderGraph applications. This way, you're able to use WunderGraph with code- or device flows. The responsibility to obtain an access token in this scenario is on the client itself.
Configuring token-based Authentication is straight forward. You can set the
jwksJSON in the token-based authentication configuration.
If the token is opaque (just a reference), the JWKS step will be skipped and the
userInfoEndpoint is required. The user info endpoint allows the server to obtain all available claims from the user, e.g. their username and email, which are then stored within the WunderGraph user Identity.
Using token based Authentication with WunderGraph follows a simple principle. Your client obtains a token any way they want. They then set the token as the Authorization Header.
setAuthorizationToken method of the client to set the token.
When using the WunderGraph Next.js integration, you can set the token using the
useAuthMiddlware hook. This will inject the token into the client headers. You can retrieve the token asynchroniously from your auth client.