Alternative way to sign the user in
For context: Slack has two OAuth systems in place:
- OpenID-compatible one, designed purely for user authentication (“Sign In With Slack”). This is what this PR https://github.com/wasp-lang/wasp/pull/2764 adds to Wasp.
- general API access one, designed for issuing bot- and user-tokens.
Of course, supported scopes are very different and they also use separate endpoints for receiving access tokens.
When a user goes through this second OAuth flow (for example, Slack app installation into a workspace goes through this flow), the resulting access_code can technically be used to authenticate the user as well (user/workspace info is returned in the code exchange call). Note that since the token exchange endpoint is different from the sign-in endpoint, the Slack Auth Provider can't be reused here - this needs to be a separate call.
Now, here is the user experience I am after:
- User can go to the website and click "Sign in with Slack" or
- User can install an app from the Slack Marketplace, and automagically get redirected to the website after install, including being already signed in
The missing piece now is just creating a session token and getting it to the FE with minimal effort. I would need to find or create an authId, then create a one-time code and pass it to the FE. However, this internal auth functionality is mainly encapsulated in the Wasp internals, so it's rather hard to extend it to the outside (at least I didn't find a way to do this yet).
Is there a way of "manually" signing the user in that I'm not aware of? If not, how would we extend the SDK to do this?
GitHub: Slack Auth support by Scorpil · Pull Request #2764 · wasp-lang/wasp
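The hand-off described in the post above (resolve the authId, issue a one-time code, pass it to the frontend), as an added Node.js sketch that is not part of the thread and does not use Wasp's internal auth API. The function names, the in-memory store, the 60-second lifetime and the example URL are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Hypothetical in-memory store: sha256(code) -> { authId, expiresAt }.
// Only the hash is kept, so a dump of the store does not yield usable codes.
const pending = new Map();
const TTL_MS = 60_000; // assumed lifetime; keep it short

const digest = (code) =>
  crypto.createHash("sha256").update(code).digest("hex");

// Called by the backend after the Slack code exchange has succeeded and the
// user has been mapped to an auth identity (authId is resolved by the caller).
function issueOneTimeCode(authId, now = Date.now()) {
  const code = crypto.randomBytes(32).toString("base64url");
  pending.set(digest(code), { authId, expiresAt: now + TTL_MS });
  return code;
}

// Called by the endpoint the frontend posts the code to. Returns the authId
// to create a session for, or null if the code is unknown, replayed or expired.
function redeemOneTimeCode(code, now = Date.now()) {
  if (typeof code !== "string" || code.length === 0) return null;
  const key = digest(code);
  const entry = pending.get(key);
  if (!entry) return null;
  pending.delete(key); // single use: burn the code before any other check
  if (now > entry.expiresAt) return null;
  return entry.authId;
}

// Carry the code in the URL fragment: fragments are not sent to the server
// in the request line or in Referer headers, so the code stays out of logs.
function buildRedirectUrl(frontendUrl, code) {
  const url = new URL(frontendUrl);
  url.hash = code;
  return url.toString();
}

// Constructed sample run.
const code = issueOneTimeCode("auth-id-constructed");
console.log(buildRedirectUrl("https://app.example.test/slack-callback", code));
console.log(redeemOneTimeCode(code)); // the authId
console.log(redeemOneTimeCode(code)); // null on replay
```
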
7 Replies
Hi @scorpil. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
----------------------
Based on the available knowledge sources, Wasp’s authentication system is currently designed to encapsulate most of the internal auth/session logic, making it difficult to manually create a session or sign a user in from outside the standard flows. There is no documented, officially supported way to "manually" create a session token and pass it to the frontend outside of the built-in authentication mechanisms.
A few relevant points from the sources:
- Wasp’s auth is built on top of Lucia, and there is ongoing work to expand OAuth provider support (e.g., via Arctic), but the internal session/token management is not exposed for custom flows like the one you describe for Slack’s general API access OAuth flow. The encapsulation of auth logic is mentioned as a challenge for extending or customizing authentication flows beyond what Wasp currently supports out of the box. This is echoed in discussions about the difficulty of extending internal auth functionality for custom use cases, such as mobile or external integrations, where the lack of a public API for session creation is a blocker (How can I authenticate a user from a mobile app).
- There are suggestions in the community about workarounds, such as using custom middleware to inject user info into requests, but these are not documented as official or recommended solutions for session creation or manual sign-in (Use Oauth protocol with other than Google or Github).
- The current approach for custom authentication (e.g., generating JWTs) involves creating custom API endpoints and handling token creation yourself, but this is separate from Wasp’s session management and does not integrate with its built-in session system (Best Practices for Implementing Auth System in Chrome Extension Connected to OpenSaaS).
In summary:
There is no officially documented way to manually create a Wasp session or sign a user in from outside the standard auth flows. Extending the SDK to support this would likely require exposing internal session creation logic or providing a public API for it, which is not currently available. If you need this functionality, you may want to open a feature request or contribute to the Wasp codebase to add such an extension point. If you need to implement this now, you would have to work around Wasp’s internals, which is not straightforward and not covered in the current documentation or community discussions. If you need more details or want to discuss possible workarounds, the Wasp Discord or GitHub issues are good places to engage with the core team and community for guidance.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @scorpil, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist: Perhaps try again in 15mins?
I think this is a bit above your paygrade @kapa.ai, but nice try.
cc @miho would appreciate your input once you have a moment
Let me check the knowledge base for you again. One moment! :books:
----------------------
Based on the knowledge sources provided, there is currently no officially documented way in Wasp to manually create a session or sign a user in from outside the standard authentication flows. The internal session and authentication logic is encapsulated within Wasp, and there is no public API or SDK method exposed for creating sessions or issuing session tokens programmatically after a custom OAuth flow, such as the Slack app installation flow you described.
Community discussions confirm this limitation:
- Wasp’s authentication is built on top of Lucia, and while there are ongoing efforts to expand OAuth support (e.g., with Arctic), the ability to manually create sessions or inject users into the session context is not currently exposed. This has been noted as a challenge for custom integrations and mobile apps, where the lack of a public API for session creation is a blocker. The recommended approach in such cases is to use the built-in flows or to request this feature from the Wasp team for future releases (How can I authenticate a user from a mobile app).
- Some community members have discussed workarounds, such as using custom middleware to inject user info into requests, but this is not an official or documented solution for session creation or manual sign-in (Use Oauth protocol with other than Google or Github).
Summary:
- There is no supported way to "manually" sign a user in or create a session token from a custom OAuth flow in Wasp at this time.
- Extending the SDK to support this would require changes to Wasp’s internals, which is not currently documented or supported.
- If this is a critical feature for your use case, you may want to open a feature request or discuss it further with the Wasp team.
If you need more details or want to explore possible workarounds, engaging with the Wasp team on Discord or GitHub is recommended.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @scorpil, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist: Perhaps try again in 15mins?
Hey @scorpil, I'm deep into some other tasks today, but I'll take a look tomorrow. Until then, here's an example of doing auth-like stuff from user-land, it might inspire you to think of a solution which might work for you with the existing APIs: https://gist.github.com/infomiho/3c63de7d53aba59d6293bcb59501a029
Also, here's how you can orchestrate some auth from a 3rd party client (Expo) https://github.com/wasp-lang/wasp-expo-app
Sharing mostly as example code, maybe to help you rn, I'll do a deeper dive tomorrow 👍
Gist: Implementing custom OAuth provider with Wasp 0.14.1+ (Spotify in this case) - .env.server
GitHub: Example of using Wasp's auth and API in an Expo mobile app - wasp-lang/wasp-expo-app
No worries, from the first look you pretty much answered my question already with the first link 😄 thanks
Sweet, let me know if I can help you with anything else then 👍
@miho These gists of yours are really paying dividends
@scorpil Ping us if you have more questions 🙂