Site Home
Guides
LoginTry for Free
Start typing to search…

Add Auth Endpoints

Learn how to create the necessary auth endpoints needed to integrate your application with Wristband.

To implement login and logout flows with Wristband, you'll need to use the Wristband SDK to create the following four endpoints in your ASP.NET application:

  • Login Endpoint
  • Callback Endpoint
  • Logout Endpoint
  • Session Endpoint

You'll create a dedicated file for these authentication endpoints (e.g., /Endpoints/AuthEndpoints.cs) to keep your auth logic organized and separate from your other application routes.

Login Endpoint

The Login Endpoint initiates login requests to Wristband. It constructs the authorization request and redirects the user to Wristband's Authorize Endpoint. From there, the user is directed to Wristband's hosted login page to complete the login process.

Below is a code snippet showing how to use Wristband's SDK to implement the Login Endpoint.

// AuthEndpoints.cs

using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Wristband.AspNet.Auth;

public static class AuthEndpoints
{
    public static WebApplication MapAuthEndpoints(this WebApplication app)
    {
        // Login Endpoint - route can be whatever you prefer
        app.MapGet("/auth/login", async (
            HttpContext ctx,
            IWristbandAuthService wristbandAuth) =>
        {
            // Call the Wristband Login() method which will return a URL that
            // should be used to redirect to Wristband's hosted login page.
            var wristbandAuthorizeUrl = await wristbandAuth.Login(ctx, null);
            return Results.Redirect(wristbandAuthorizeUrl);
        });

        // ...
          
        return app;
    }
}

Callback Endpoint

After the user successfully authenticates, Wristband redirects to your application's Callback Endpoint. Calling wristbandAuth.Callback() returns a CallbackResult object containing the user's tokens and claims.

To initialize the user's session, invoke theHttpContext.CreateSessionFromCallback() extension method passing in the callback data as a parameter.

Below is a code snippet showing how to use Wristband's SDK to implement the Callback Endpoint.

// AuthRoutes.cs (continued)

using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Wristband.AspNet.Auth;

public static class AuthEndpoints
{
    public static WebApplication MapAuthEndpoints(this WebApplication app)
    {
        // ...
      
        // Callback Endpoint - route can be whatever you prefer
        app.MapGet("/auth/callback", async (
            HttpContext ctx,
            IWristbandAuthService wristbandAuth) =>
        {
            // Call the Wristband Callback() method to check if the user
            // successfully authenticated. If the user did authenticate successfully, 
            // the user's tokens and claims can be retrieved from the callbackResult.
            var callbackResult = await wristbandAuth.Callback(ctx);

            // For some edge cases, the SDK requires a redirect to restart the login flow.
            if (callbackResult.Type == CallbackResultType.RedirectRequired)
            {
                return Results.Redirect(callbackResult.RedirectUrl);
            }

            // Create a session for the authenticated user. If needed, custom fields can 
            // be stored in the session using the customClaims parameter of the 
            // CreateSessionFromCallback() extension method.
            ctx.CreateSessionFromCallback(callbackResult.CallbackData);

            // Once the Callback Endpoint has completed, we redirect to your app's
            // default return URL (typically your app's home page) or to an explicit
            // return URL, if one was specified in the original login request.
            var returnUrl = callbackResult.CallbackData.ReturnUrl;
            return Results.Redirect(returnUrl ?? "<replace_with_a_default_url>");
        });

        // ...
          
        return app;
    }
}

Logout Endpoint

When a user logs out of your application, you must ensure that all authenticated state associated with the user is cleared. The Logout Endpoint needs to perform three tasks to accomplish this:

  1. Clear the application's local session state.
  2. Revoke any refresh tokens associated with the user.
  3. Redirect to Wristband's Logout Endpoint to terminate the user's Wristband auth session.

Below is a code snippet showing how to use Wristband's SDK to implement the Logout Endpoint.

// AuthRoutes.cs (continued)

using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Wristband.AspNet.Auth;

public static class AuthEndpoints
{
    public static WebApplication MapAuthEndpoints(this WebApplication app)
    {
        // ...
        
        // Logout Endpoint - route can be whatever you prefer
        app.MapGet("/auth/logout", async (
            HttpContext ctx,
            IWristbandAuthService wristbandAuth) =>
        {
            // Wristband provides convenient HttpContext extension methods for getting
            // all the necessary session data needed to perform the logout operation.
            var logoutConfig = new LogoutConfig
            {
                RefreshToken = ctx.GetRefreshToken(),
                TenantCustomDomain = ctx.GetTenantCustomDomain(),
                TenantName = ctx.GetTenantName(),
            };

            // Use Wristband's extension method to clear your app's local session.
            ctx.DestroySession();

            // Call the Wristband Logout() method. This will revoke any refresh tokens
            // associated with the user and return a Response to redirect to Wristband's 
            // Logout Endpoint. Redirecting to Wristband's Logout Endpoint will terminate 
            // Wristband's auth session associated to the user. When Wristband is done
            // logging out the user it will redirect back to your application's login 
            // URL or to an explicitly provided redirect URL.
            var wristbandLogoutUrl = await wristbandAuth.Logout(ctx, logoutConfig);
            return Results.Redirect(wristbandLogoutUrl);
        });
        
        // ...
        
        return app;
    }
}

Session Endpoint

The Session Endpoint verifies that an incoming request contains a valid session and, if so, returns a response that includes the user's session data. This endpoint is used primarily by the frontend for the following two purposes:

  1. To allow the frontend to determine whether the user has a valid session.
  2. To provide the frontend with the user's session data for use within the browser.

Below is a code snippet showing how to use Wristband's SDK to implement the Session Endpoint.

// AuthRoutes.cs (continued)

using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Wristband.AspNet.Auth;

public static class AuthEndpoints
{
    public static WebApplication MapAuthEndpoints(this WebApplication app)
    {
        // ...
        
        // Session Endpoint - route can be whatever you prefer.
        app.MapGet("/auth/session", async (
            HttpContext ctx,
            IWristbandAuthService wristbandAuth) =>
        {
            // Call the Wristband GetSessionResponse() extension method to extract the
            // user's session data and populate a SessionResponse. If needed, you can
            // add additional data to the SessionResponse by using the `metadata` 
            // parameter of the GetSessionResponse() method.
            var sessionResponse = ctx.GetSessionResponse();
            return Results.Ok(sessionResponse);
        })
        .RequireWristbandSession(); // Enforces that a valid session cookie is present in the request
        
        return app;
    }
}

Map Auth Endpoints

After implementing the auth endpoints, make sure to map them to your application in your Program.cs file.

// Program.cs (continued)

// ...

app.UseAuthentication();
app.UseAuthorization();
app.UseWristbandSessionMiddleware();


// ADD: Your API routes must go after your auth middlewares
app.MapAuthEndpoints();

app.Run();

Register Your Login Endpoint and Callback Endpoint With Wristband

For several authentication flows, Wristband will need to redirect to your application's Login Endpoint and Callback Endpoint. Therefore, we need to inform Wristband of the URLs for these two endpoints. To do that, we'll need to update the following two fields within the Wristband dashboard:

  • Application Login URL
  • Client Redirect URIs

In the sections below, we'll go over how to update these two fields.

Updating the Application Login URL

To update the Application Login URL, follow these steps.

  1. From the Dashboard Home Page, select the appropriate application.
Select application
  1. Next, on the Application Settings page, locate the Login URL field and set its value to the URL of your application's Login Endpoint. When you are finished, click the "Save" button.
Application login URL

Updating the Client Redirect URIs

To update the Client Redirect URIs, follow these steps.

  1. Select "OAuth2 Clients" from the left navigation bar, then select the client whose ID matches the client ID that was registered with the SDK.
Select application
  1. On the Edit Client page, navigate to the Redirect URIs section and click the "Add+" button. Then enter the URL of your application's Callback Endpoint. When you are finished, click the "Save" button.
Register redirect URI

Updated 13 days ago

What’s Next

With your application's authentication endpoints in place, let's verify that they're working correctly.