Build your login flow with Reddit in under 60 seconds
How it works
Step 1: Add a login link to your page.
(Send your users to Waaard)
Add a login link to your application that includes your Application ID, like this ⬇️
<a href="https://waaard.com/go/login?provider=github&app_id=...">
  <button>
    Log in with Github
  </button>
</a>
Want to track this login attempt specifically? Generate and send a session_id!
Step 2: Catch the redirect from Waaard.
(Receive encrypted user information)
Use paseto to decrypt the user data with your App Secret.
In Node.js (Express) that looks like this: ⬇️
import express from "express";
import { V3 as pasetoV3 } from "paseto";

const app = express();

app.get("/waaard/login", async (req, res) => {
  // (optional) get and use the session ID you provided earlier
  const sessionID = req.query["session_id"];

  // Decrypt the user data; decrypt() rejects if the token is missing,
  // tampered with, or encrypted under a different key
  const encrypted = req.query["encrypted_auth_data"];
  let decrypted;
  try {
    decrypted = await pasetoV3.decrypt(
      encrypted,
      'your login app secret',
    );
  } catch (err) {
    return res.status(401).send("Login failed");
  }

  // authn contains email, username, and organizations
  const { waaardID, provider, authn } = decrypted;

  // (optional) Save waaardID, provider, and user details
  // (optional) Set secure cookies to remember the user
  // NOTE(🔐): don't forget Expires/MaxAge, HTTPOnly, & Secure
});
Wondering what that authn object has in it? ⬇️
export class ClientLoginAuthData {
  // ID for the user, according to Waaard
  public waaardID: string;

  // Provider the user used to log in (ex. 'twitter', 'github')
  public provider: string;

  // Client App ID (this, you already have)
  public clientAppID: string;

  // ISO string which represents when the user was created
  public createdAtISO8601: string;

  // Available AuthN information, normalized across providers
  public authn: {
    // Username (not "display name"),
    // only used on sites where user names *cannot be changed* (ex. Reddit)
    username?: string;

    // Email address
    email?: string;

    // Organizations, if any (ex. Github)
    organizations?: ClientLoginOrganization[];
  };
}
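The session_id from Step 1 and the decrypted payload from Step 2 can be tied together so that a callback is accepted only for a login this browser actually started. The following is an added example, not Waaard's code: it assumes the login link accepts a `session_id` query parameter and that the decrypted payload has the `ClientLoginAuthData` shape, and `APP_ID`, the provider allow-list and the function names are hypothetical.

```javascript
// Added example (not Waaard's code): bind the callback to the login attempt.
const nodeCrypto = require("node:crypto");

const APP_ID = "example-app-id"; // placeholder, not a real Application ID
const ALLOWED_PROVIDERS = new Set(["github", "reddit"]); // assumption: providers you enabled

// Step 1: create an unguessable session_id and the login URL that carries it.
// Assumption: the link takes a `session_id` parameter, the same name the
// callback reads back from the query string.
function startLogin(provider) {
  const sessionID = nodeCrypto.randomBytes(32).toString("base64url");
  const url = new URL("https://waaard.com/go/login");
  url.searchParams.set("provider", provider);
  url.searchParams.set("app_id", APP_ID);
  url.searchParams.set("session_id", sessionID);
  // Caller stores sessionID in a short-lived HttpOnly cookie, then redirects.
  return { sessionID, loginURL: url.toString() };
}

// Constant-time comparison that also rejects missing or non-string values
// (Express turns a repeated query parameter into an array).
function sessionMatches(fromCookie, fromQuery) {
  if (typeof fromCookie !== "string" || typeof fromQuery !== "string") return false;
  const a = Buffer.from(fromCookie);
  const b = Buffer.from(fromQuery);
  return a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
}

// Step 2: after decrypting, check the payload belongs to this app and attempt.
function validateLogin(decrypted, cookieSessionID, querySessionID) {
  const fail = (reason) => ({ ok: false, reason });
  if (!sessionMatches(cookieSessionID, querySessionID)) return fail("session_id mismatch");
  if (!decrypted || decrypted.clientAppID !== APP_ID) return fail("wrong clientAppID");
  if (!ALLOWED_PROVIDERS.has(decrypted.provider)) return fail("unexpected provider");
  if (typeof decrypted.waaardID !== "string" || !decrypted.waaardID) return fail("missing waaardID");
  return { ok: true, userKey: `${decrypted.provider}:${decrypted.waaardID}` };
}

// Cookie attributes named in the handler's NOTE, as Express res.cookie() options.
const SESSION_COOKIE_OPTIONS = {
  httpOnly: true, // not readable from page JavaScript
  secure: true, // sent over HTTPS only
  sameSite: "lax", // still sent on the top-level redirect back to your site
  maxAge: 7 * 24 * 60 * 60 * 1000, // one week, in milliseconds
};
```

In the Express handler, call `validateLogin(decrypted, <session_id cookie value>, req.query["session_id"])` after decryption and set the login cookie only when `ok` is true.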
Step 3: There's no Step 3.
(You've got login working on your site! 🎉)
If you've done #1 and #2, new and existing users can now log in to your site!
Returning users have the cookie you set, so there's no need to re-authenticate.
When a user's cookie expires, the user can log in with Waaard again.
Supported Login providers
FAQ
1. Is Waaard For Login Secure?
2. What information can I get for a given user?
3. Can I have multiple OAuth Providers?
4. Is there a free tier?
5. Can I run Waaard For Login On-Premise?