Appearance

Updating visuals

If you see any images containing outdated UI, please bear with us.

We are updating all content as quickly as possible to mirror our new UI.

Custom Auth (Authentication System)

Custom Auth is for cases where you already have an authentication system (or you want to build your own) and you want WeWeb to treat users as signed in using the data you provide.

Overview

With Custom Auth, you usually:

  • Sign users in with your own API (for example a backend endpoint you built).
  • Store the session in WeWeb (access token, refresh token, and optional extra data).
  • Load the current user from your system when the app starts or refreshes.

Set up Custom Auth

  1. Go to Data & API → Authentication.
    • A) If this is your first time opening the Authentication area, choose Custom Auth when prompted.
    • B) If this is not your first time, open Configuration, click Switch authentication system, then select Custom Auth.
  3. Click Continue to finish the setup.

Build your sign in flow

1) Sign in with your system

In an Interface workflow (for example, on a login form submit):

  1. Call your sign-in endpoint (for example with Call backend endpoint or HTTP request).
  2. Get an access token (and optionally a refresh token) from the result.

2) Store the session in WeWeb

Add the Custom Auth action Authenticate and pass:

  • Access token
  • Refresh token (Optional)
  • Metadata (Optional - any extra data you want to store with the session)

3) Store the current user in WeWeb

After you’ve retrieved user data (for example from a “me” endpoint), add the Custom Auth action Set user.

This is what makes the signed-in user available in WeWeb and lets you protect content as “authenticated”.

Keep the user loaded (important)

Custom Auth includes a backend trigger called On user load. Use it to refresh the session and load the current user:

  1. Create an Event Trigger workflow for On user load.
  2. In that workflow:
    • Call your “me” endpoint with the stored access token.
    • Finish by calling Set user.

If you don’t set the user during On user load, users may appear signed out after a refresh.

Sign out

Use the Custom Auth action Clear Session to remove the session and the current user.

Common pitfalls

The user signs in but becomes signed out after refresh

This usually means On user load is not set up, or it does not end with Set user.

Tokens are stored, but backend calls fail

Check that your backend requests are sending the token in the format your system expects (for example an Authorization header).

Continue learning