Wasp•10mo ago

Best way to implement custom LDAP authentication in Wasp

Hi everyone,
I’m considering implementing a custom authentication method in Wasp using LDAP, but I’m not sure if it’s the right approach. I know that Wasp provides built-in authentication, and I’ve seen that there’s an

onBeforeLogin

onBeforeLogin

hook that I could potentially use for this with the

usernameAndPassword

usernameAndPassword

-method. However, that feels like a bit of a hack, and I’d rather follow a proper approach if one exists. Can someone guide me in the right direction?

kapa.ai•3/16/25, 7:04 PM

Hi @Xenos. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base.

kapa.ai•3/16/25, 7:04 PM

----------------------
I understand you're looking to implement LDAP authentication in Wasp. Based on the knowledge sources, Wasp doesn't have built-in LDAP authentication, but there are a few approaches you could take.

Custom Authentication Implementation

The most appropriate approach would be to create a custom sign-up action using Wasp's lower-level authentication primitives. This is preferable to trying to hack the

onBeforeLogin

onBeforeLogin

hook (which isn't mentioned in the provided documentation).

Here's how you could approach it:

**Use the username & password auth method as a base**You can enable the username & password authentication in your Wasp app and then customize it with your own sign-up and login actions.
**Create custom sign-up and login actions**As mentioned in the documentation, you can create custom authentication flows by:
"Create your custom sign-up action which uses the lower-level API, along with your custom code."
[Username & Password - Customizing the Auth Flow](<https://wasp-lang.dev/docs/auth/username-and-pass#customizing-the-auth-flow>)
**Implement LDAP verification in your custom actions**In your custom sign-up and login actions, you would add the LDAP verification logic. The documentation provides examples of how to create custom sign-up actions:```typescript// Example of how you might structure your custom login action with LDAPexport const login: CustomLogin< CustomLoginInput, CustomLoginOutput
= async (args, context) => {
// Your LDAP verification logic here // If successful, use Wasp's auth primitives to create/authenticate the user // Use the lower-level auth primitives from wasp/server/auth // ...}```

A community member on Discord mentioned this approach:

kapa.ai•3/16/25, 7:04 PM

"You can do your own custom logic by following instructions here: https://wasp-lang.dev/docs/auth/username-and-pass#2-creating-your-custom-sign-up-action. It means you need to implement your own Auth UI component, and also your own signup action."

🙋questionsIs it possible to redirect post requests in wasp

Future Improvements

It's worth noting that the Wasp team is working on improving authentication hooks. As mentioned in a Discord thread:

"We will be adding hooks where you will be able to run code after/before signup/login, but yeah we don't have that yet unfortunately!"

🙋questionsIs it possible to redirect post requests in wasp

These hooks would make custom authentication methods like LDAP easier to implement in the future.

In summary, the best current approach is to implement custom sign-up and login actions using Wasp's lower-level authentication primitives, where you can add your LDAP verification logic.
----------------------
Note: you can ask me a follow up question by @ mentioning me again

----------------------

kapa.ai•3/16/25, 7:04 PM

Sorry @Xenos, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:

Perhaps try again in 15mins?

miho•3/17/25, 2:08 PM

Wasp supports Keycloak as an auth provided, could that work for you? https://wasp.sh/docs/auth/social-auth/keycloak

Also here's an example of implemented a custom auth provider with custom APIs: https://gist.github.com/infomiho/3c63de7d53aba59d6293bcb59501a029#gistcomment-5372273

Keycloak | Wasp

Wasp supports Keycloak Authentication out of the box.

Gist

Implementing custom OAuth provider with Wasp 0.14.1+ (Spotify in th...

Implementing custom OAuth provider with Wasp 0.14.1+ (Spotify in this case) - .env.server

XenosOP•3/17/25, 2:58 PM

oh wow. you're right. I wasn't sure what exactly keycloak was, so I just scrolled through it... but it's actually exactly what I'm looking for. Thank you!

matijash•3/17/25, 8:58 PM

@Xenos I'm interested if you can share a bit about what you're building? Always super helpful to learn from the community and see how we can make things better/easier

Mmatijash @Xenos I'm interested if you can share a bit about what you're building? Always ...

XenosOP•3/17/25, 9:16 PM

Sure! I work in IT at a large tech company, and we write small tools from time to time to make life easier for users. It can be anything from a small time tracker to lunch ordering helper haha

I'm still evaluating at the moment, but wasp sounds perfect for it!

XXenos Sure! I work in IT at a large tech company, and we write small tools from time t...

matijash•3/17/25, 9:45 PM

ha awesome, that's cool to hear

Let us know if any qs