Secure your
app with ease

Configure auth in minutes with your identity provider. Manage complex permissions using role-based access control with OpenID Connect or JWT.

Integrates with

Seamless integration

Grafbase works out of the box with popular authentication strategies.

OpenID Illustration

OpenID Connect

Secure your GraphQL backend with any OpenID Connect provider that supports the OIDC Discovery Specification.

JWT Illustration


Configure a shared secret to be used to decode and verify claims of tokens sent with GraphQL requests using JWTs.

Permissions made easy

Grafbase sits between your user management provider and database making sure only those who should have access, do.

Signed-in rules

Create rules for any signed-in user to access any data source in your Grafbase backend.

Group-based rules

Create rules for user groups and roles with custom claims managed by the connected auth provider.

Global rules

Opt-out of signed-in and role-based access control by configuring access to any data source with global rules.

Type-level rules

Create rules for specific models that control access for signed-in or group-based users.

Field-level rules

Create rules for fields of models that control access for signed-in or group-based users.

Operation rules

Create rules for signed-in or group-based users to restrict who can create, read, update, and delete data.

Start building with Grafbase today

Get started with auth in minutes with one of our guides.

Clerk + Grafbase

Clerk provides a collection of highly customizable components that can add user registration, login, forgot user password flows, user impersonation, and more.

Explore other features


Zero config local development

Edge Gateway

Unified data layer at the edge


Collaborate on backend changes with your team without the hassle

Edge Caching

Accelerate any API or database


Realtime performance insights