Build your login flow with

in under 60 seconds
( No credit card required )

How it works

Step 1: Add a login link to your page.

(Send your users to Waaard)

Add a login link to your appplication that has your Application ID like this ⬇️

<a href="">
    Log in with Github

Want to track this login attempt specifically? Generate and send a session_id!

Step 2: Catch the redirect from Waaard.

(Receive encrypted user information)

Use paseto to decrypt the user data, with your App Secret

In NodeJS
that looks like this: ⬇️

import { V3 as pasetoV3 } from "paseto";

app.get("/waaard/login", async (req, res) => {
  // (optional) get and use the session ID you provided earlier
  const sessionID = req.query["session_id"];

  // Decrypt the user data
  const encrypted = req.query["encrypted_auth_data"];
  const decrypted = await pasetoV3.decrypt(
    ' your login app secret ',

  // authn contains email, username, and organizations
  const { waaardID, provider, authn } = decrypted;

  // (optional) Save waaardID, provider, and user details

  // (optional) Set secure cookies to remember the user
  // NOTE(🔐): don't forget Expires/MaxAge, HTTPOnly, & Secure

Wondering what that authn object has in it? ⬇️

export class ClientLoginAuthData {
  // ID for the user, according to Waaard
  public waaardID: string;

  // Provider the user used to login (ex. 'twitter', 'github')
  public provider: string;

  // Client App ID (this, you already have)
  public clientAppID: string;

  // ISO string which represents when the user was created
  public createdAtISO8601: string;

  // Available AuthN information, normalized across providers
  public authn: {
    // Username (not "display name"),
    // only used sites where user names *cannot be changed* (ex. Reddit)
    username?: string;

    // Email address
    email?: string;

    // Organizations, if any (ex. Github)
    organizations?: ClientLoginOrganization[];

Step 3: There's no Step 3.

(You've got login working on your site! 🎉)

If you've done #1 and #2, new and existing users can now log in to your site!

Returning users have the cookie you set, so there's no need to re-authenticate.

When a user's cookie expires, the user can login with Waaard again.

Supported Login providers
icon of an password field representing password
icon of an envelope representing email address
Google logo Github logo Gitlab logo Twitter Logo Instagram Logo YCombinator Logo (representing HackerNews)
Facebook Logo Reddit Logo Twitch Logo Discord Logo LinkedIn Logo BitBucket Logo Stripe Logo Heroku Logo
  • 1

    Is Waaard For Login Secure?

  • 2

    What information can I get for a given user?

  • 3

    Can I have multiple OAuth Providers?

  • 4

    Is there a free tier?

  • 5

    Can I run Waaard For Login On-Premise?