Skip to main content

AuthenticationStrategy

@vendure/coreSource

An AuthenticationStrategy defines how a User (which can be a Customer in the Shop API or and Administrator in the Admin API) may be authenticated.

Real-world examples can be found in the Authentication guide.

Info

This is configured via the authOptions.shopAuthenticationStrategy and authOptions.adminAuthenticationStrategy properties of your VendureConfig.

Signature

name

propertystring

The name of the strategy, for example 'facebook', 'google', 'keycloak'.

defineInputType

method() => DocumentNode

Defines the type of the GraphQL Input object expected by the authenticate mutation. The final input object will be a map, with the key being the name of the strategy. The shape of the input object should match the generic Data type argument.

Example

For example, given the following:

Ts

assuming the strategy name is "my_auth", then the resulting call to authenticate would look like:

GraphQL

Note: if more than one graphql input type is being defined (as in a nested input type), then the first input will be assumed to be the top-level input.

authenticate

method(ctx: RequestContext, data: Data) => Promise<User | false | string>

Used to authenticate a user with the authentication provider. This method will implement the provider-specific authentication logic, and should resolve to either a User object on success, or false | string on failure. A string return could be used to describe what error happened, otherwise false to an unknown error.

onLogOut

method(ctx: RequestContext, user: User) => Promise<void>

Called when a user logs out, and may perform any required tasks related to the user logging out with the external provider.

Was this chapter helpful?
Report Issue
Edited Feb 10, 2026ยทEdit this page