
Authentication

Authentication model across hosted UI, frontend sessions, and backend request validation.

Wacht authentication spans three layers that should be implemented together.

Lifecycle diagram

User Browser
   |
   | 1) hosted sign-in / sign-up
   v
Wacht Auth UI
   |
   | 2) redirect back with session context
   v
Frontend App (SDK provider + SignedIn/SignedOut)
   |
   | 3) request protected backend route
   v
Backend Service (Node/Rust auth enforcement)
   |
   | 4) authorize + scope check (org/workspace)
   v
Protected data / mutation

Layer 1: user-facing auth entry

Users authenticate through hosted sign-in/sign-up pages and land back in your app with deployment-scoped session context.

Layer 2: frontend session-aware UX

Use SDK components/hooks (SignedIn, SignedOut, UserButton, session hooks) to keep client UX aligned with session state.

Layer 3: backend enforcement

Always enforce auth server-side for protected data and mutations.
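
The backend half of the lifecycle (steps 3 and 4) is sketched below as an added example; it is not Wacht SDK code. The HMAC token format, `SECRET`, the claim names (`sub`, `orgId`, `workspaces`, `exp`) and the function names are all hypothetical stand-ins for whatever session verification your backend integration provides.

```javascript
// Added example, not Wacht SDK code. Token format, SECRET and all names are hypothetical.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // stand-in for real session verification material

// Issue a constructed demo token: base64url(JSON claims) + "." + HMAC-SHA256 tag.
function signSession(claims) {
  const body = Buffer.from(JSON.stringify(claims)).toString('base64url');
  const tag = crypto.createHmac('sha256', SECRET).update(body).digest('base64url');
  return `${body}.${tag}`;
}

// Return the claims if the tag is valid and the session is unexpired, else null.
function verifySession(token, now = Date.now()) {
  if (typeof token !== 'string') return null;
  const [body, tag, extra] = token.split('.');
  if (!body || !tag || extra !== undefined) return null;
  const expected = crypto.createHmac('sha256', SECRET).update(body).digest();
  const given = Buffer.from(tag, 'base64url');
  // Length check first: timingSafeEqual throws on buffers of different length.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try { claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8')); } catch { return null; }
  if (!claims || typeof claims.exp !== 'number' || claims.exp <= now) return null;
  return claims;
}

// Steps 3-4 of the lifecycle: authenticate first, then check org/workspace scope.
function authorize(headers, resource, now = Date.now()) {
  const m = /^Bearer (.+)$/.exec(headers.authorization || '');
  const session = m && verifySession(m[1], now);
  if (!session) return { status: 401, reason: 'unauthenticated' };
  // A valid session is not enough: it must be scoped to the resource being touched.
  if (session.orgId !== resource.orgId) return { status: 403, reason: 'wrong organization' };
  if (!Array.isArray(session.workspaces) || !session.workspaces.includes(resource.workspaceId)) {
    return { status: 403, reason: 'wrong workspace' };
  }
  return { status: 200, userId: session.sub };
}
```

The scope decision uses only claims from the verified session and the server's own record of the resource, never an org or workspace id supplied by the client alongside the request.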

End-to-end track

If you want one full walkthrough across frontend and backend together, use:
