W
Wasp3w ago
Xenos

Best way to implement custom LDAP authentication in Wasp

Hi everyone, I’m considering implementing a custom authentication method in Wasp using LDAP, but I’m not sure if it’s the right approach. I know that Wasp provides built-in authentication, and I’ve seen that there’s an onBeforeLogin hook that I could potentially use for this with the usernameAndPassword-method. However, that feels like a bit of a hack, and I’d rather follow a proper approach if one exists. Can someone guide me in the right direction?
6 Replies
kapa.ai
kapa.ai3w ago
Hi @Xenos. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave: ---------------------- I understand you're looking to implement LDAP authentication in Wasp. Based on the knowledge sources, Wasp doesn't have built-in LDAP authentication, but there are a few approaches you could take. Custom Authentication Implementation The most appropriate approach would be to create a custom sign-up action using Wasp's lower-level authentication primitives. This is preferable to trying to hack the onBeforeLogin hook (which isn't mentioned in the provided documentation). Here's how you could approach it: 1. Use the username & password auth method as a base You can enable the username & password authentication in your Wasp app and then customize it with your own sign-up and login actions. 2. Create custom sign-up and login actions As mentioned in the documentation, you can create custom authentication flows by:
"Create your custom sign-up action which uses the lower-level API, along with your custom code."
Username & Password - Customizing the Auth Flow 3. Implement LDAP verification in your custom actions In your custom sign-up and login actions, you would add the LDAP verification logic. The documentation provides examples of how to create custom sign-up actions: 
   // Example of how you might structure your custom login action with LDAP
   export const login: CustomLogin<
     CustomLoginInput,
     CustomLoginOutput
   > = async (args, context) => {
     // Your LDAP verification logic here
     // If successful, use Wasp's auth primitives to create/authenticate the user
     
     // Use the lower-level auth primitives from wasp/server/auth
     // ...
   }
   
   // Example of how you might structure your custom login action with LDAP
   export const login: CustomLogin<
     CustomLoginInput,
     CustomLoginOutput
   > = async (args, context) => {
     // Your LDAP verification logic here
     // If successful, use Wasp's auth primitives to create/authenticate the user
     
     // Use the lower-level auth primitives from wasp/server/auth
     // ...
   }
A community member on Discord mentioned this approach:
"You can do your own custom logic by following instructions here: https://wasp-lang.dev/docs/auth/username-and-pass#2-creating-your-custom-sign-up-action. It means you need to implement your own Auth UI component, and also your own signup action."
Discord support thread Future Improvements It's worth noting that the Wasp team is working on improving authentication hooks. As mentioned in a Discord thread:
"We will be adding hooks where you will be able to run code after/before signup/login, but yeah we don't have that yet unfortunately!"
Discord support thread These hooks would make custom authentication methods like LDAP easier to implement in the future. In summary, the best current approach is to implement custom sign-up and login actions using Wasp's lower-level authentication primitives, where you can add your LDAP verification logic. ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ---------------------- Sorry @Xenos, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist: Perhaps try again in 15mins?
miho
miho3w ago
Wasp supports Keycloak as an auth provided, could that work for you? https://wasp.sh/docs/auth/social-auth/keycloak Also here's an example of implemented a custom auth provider with custom APIs: https://gist.github.com/infomiho/3c63de7d53aba59d6293bcb59501a029#gistcomment-5372273
Keycloak | Wasp
Wasp supports Keycloak Authentication out of the box.
Gist
Implementing custom OAuth provider with Wasp 0.14.1+ (Spotify in th...
Implementing custom OAuth provider with Wasp 0.14.1+ (Spotify in this case) - .env.server
Xenos
XenosOP3w ago
oh wow. you're right. I wasn't sure what exactly keycloak was, so I just scrolled through it... but it's actually exactly what I'm looking for. Thank you!
matijash
matijash3w ago
@Xenos I'm interested if you can share a bit about what you're building? Always super helpful to learn from the community and see how we can make things better/easier 🙂
Xenos
XenosOP3w ago
Sure! I work in IT at a large tech company, and we write small tools from time to time to make life easier for users. It can be anything from a small time tracker to lunch ordering helper haha I'm still evaluating at the moment, but wasp sounds perfect for it!
matijash
matijash3w ago
ha awesome, that's cool to hear 🙂 Let us know if any qs

Did you find this page helpful?