WeWeb Auth (Authentication System)

WeWeb Auth is WeWeb’s ready-made Authentication System. It helps you add sign in to your app and manage Users and Roles directly in WeWeb.

What this system supports

  • Email-based sign in (when enabled)
  • Optional email verification
  • Optional “prevent sign up” mode (only admins create users)
  • Roles and user management inside WeWeb
  • SSO Providers (for example Google or GitHub), configured in Data & API → Authentication → SSO Providers

Set up WeWeb Auth

  1. Go to Data & API → Authentication.
    • A) If this is your first time opening the Authentication area, choose WeWeb Auth when prompted.
    • B) If this is not your first time, open Configuration, click Switch authentication system, then select WeWeb Auth.
  2. Configure the setup options:
    • Enable email provider
    • Enable email verification (Optional)
    • Prevent sign up (Optional)
    • Password minimum length
    • Reset password token expiration (seconds)
  3. Click Continue.

To change your Authentication System later, go to Data & API → Authentication → Configuration, then click Switch authentication system.

Setup options (details)

Enable email provider

Controls whether users can sign in with email (and use email-based actions like sign up, sign in, reset password, and verification emails).

  • When to enable: Keep this on if you want any email-based sign in.
  • When to disable: Turn this off if you only want users to sign in through SSO Providers (for example Google) and you don’t want email/password or email-based flows.
  • What it affects: When this is off, options like Enable email verification, Prevent sign up, and password settings won’t apply.

Enable email verification

Requires users to verify their email address before they can sign in.

  • Default: Off.
  • When to enable: Use this when you want to reduce fake sign ups and make sure users own the email address they used.
  • What you must set up: Create an Event Trigger workflow for On email verification requested to send the verification link.
  • Dependency: This option only applies when Enable email provider is on.

Prevent sign up

Stops new users from creating their own account. Only admins (you) can create users.

  • When to enable: Use this for internal tools, client portals, or invite-only apps.
  • What changes for users: Your app should only show a sign-in experience (not a “create account” flow).
  • UI behavior: When this is on, Password minimum length is hidden because users can’t sign up themselves.
  • Dependency: This option only applies when Enable email provider is on.

Password minimum length

Sets the minimum password length for email/password accounts.

  • Default: 8.
  • When to increase: If you want stronger passwords (for example 10–12).
  • Note: This only matters for email/password sign up and password changes.
  • Dependency: This option only applies when Enable email provider is on, and it’s hidden when Prevent sign up is enabled.

Reset password token expiration (seconds)

How long password reset links stay valid after being requested.

  • Default: 3600 seconds (1 hour).
  • When to increase: If your users may not open emails quickly (for example, set to 7200 for 2 hours).
  • When to decrease: If you want tighter security (shorter time window).
  • What you must set up: Create an Event Trigger workflow for On password reset requested to send the reset link.
  • Dependency: This option only applies when Enable email provider is on.

Configure SSO Providers (optional)

If you want users to sign in with a third-party account (for example Google), enable the provider in:

Data & API → Authentication → SSO Providers

Each provider requires its own keys and allowed URLs in the provider dashboard. Use the provider’s setup guide to avoid redirect URL errors.

Important: set up the email/SMS workflows

WeWeb Auth can trigger events when it needs you to send a message to the user (for example a magic link or a one-time password). You should handle these with Event Triggers:

  1. Go to Data & API → Workflows.
  2. Create Event Trigger workflows for the WeWeb Auth events you use, such as:
    • On magic link requested (Send a magic link email)
    • On OTP requested (Send the code by email or SMS)
    • On email verification requested
    • On password reset requested

Each event includes the data you need (for example email, otp, or a url).
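
The setup options depend on each other and on these workflows, so it is easy to leave a setting switched on that does nothing, or to require a message that is never sent. The following is an added example, not WeWeb code: a small audit of a constructed settings snapshot. The setting keys and finding ids are hypothetical (WeWeb exposes these options in its UI); the workflow names, defaults and dependencies are the ones stated on this page.

```javascript
// Added example (not WeWeb code). Setting keys and finding ids are hypothetical;
// workflow names, defaults and dependencies are the ones stated on this page.
const DEFAULTS = { passwordMinLength: 8, resetTokenExpirationSeconds: 3600 };

function auditWeWebAuth(settings, workflows) {
  const s = { ...DEFAULTS, ...settings };
  const findings = [];
  const add = (id, message) => findings.push({ id, message });
  const hasWorkflow = (name) => workflows.includes(name);

  if (!s.emailProvider) {
    // With the email provider off, the dependent options do not apply.
    for (const key of ["emailVerification", "preventSignUp"]) {
      if (s[key]) add(`${key}-ignored`, `${key} is on but only applies when the email provider is enabled`);
    }
    return findings;
  }
  if (s.emailVerification && !hasWorkflow("On email verification requested")) {
    add("verification-workflow-missing",
        "Verification is required before sign in, but no workflow sends the link");
  }
  if (!hasWorkflow("On password reset requested")) {
    add("reset-workflow-missing", "No workflow sends the password reset link");
  }
  if (!s.preventSignUp) {
    // Password minimum length is only shown while users can sign up themselves.
    if (s.passwordMinLength < DEFAULTS.passwordMinLength) {
      add("password-too-short", `Minimum length ${s.passwordMinLength} is below the default of 8`);
    }
    if (!s.emailVerification) {
      add("open-signup-unverified", "Anyone can sign up without proving they own the email address");
    }
  }
  if (s.resetTokenExpirationSeconds > DEFAULTS.resetTokenExpirationSeconds) {
    add("reset-window-long",
        `Reset links stay valid for ${s.resetTokenExpirationSeconds} s, longer than the 3600 s default`);
  }
  return findings;
}

// Constructed sample: a self-service app with verification on but no matching workflows.
const sample = { emailProvider: true, emailVerification: true, preventSignUp: false,
                 passwordMinLength: 6, resetTokenExpirationSeconds: 7200 };
const ids = (settings, workflows) => auditWeWebAuth(settings, workflows).map((f) => f.id);
console.log(ids(sample, ["On OTP requested"]));
```
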

Test sign in

  1. In the Interface tab, add a login form or login button.
  2. Use the authentication actions (sign up / sign in / sign out) for your chosen method.
  3. Preview and confirm:
    • Sign in works without errors.
    • The user appears in Data & API → Authentication → Users.

For page and API protection, see Users and roles.

Reference

WeWeb Auth panels in Data & API

When WeWeb Auth is selected, you can manage:

  • Users
  • Roles
  • SSO Providers