Add Auth Endpoints
Add the required authentication endpoints to your application server.
To integrate your application with Wristband, you'll need to use the Wristband SDK to implement three endpoints: the Login Endpoint, the Callback Endpoint, and the Logout Endpoint.
Login Endpoint
The Login Endpoint is responsible for initiating login requests to Wristband. Your Login Endpoint URL must match the login URL you configured when you created your Wristband Application. It must also match the LoginUrl value of your SDK configuration.
// AuthRoutes.cs
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Wristband.AspNet.Auth;
public static class AuthRoutes
{
public static WebApplication MapAuthEndpoints(this WebApplication app)
{
// Login Endpoint - The path can be any value you prefer, but it must match
// your Wristband application's configured login URL path and the SDK LoginUrl path.
app.MapGet("/auth/login", async (HttpContext httpContext, IWristbandAuthService wristbandAuth) =>
{
try
{
// Call the Wristband Login() method which will return a URL that should
// be used to redirect to Wristband's hosted login page.
var wristbandAuthorizeUrl = await wristbandAuth.Login(httpContext, null);
return Results.Redirect(wristbandAuthorizeUrl);
}
catch (Exception ex)
{
return Results.Problem(detail: $"Unexpected error: {ex.Message}", statusCode: 500);
}
});
...
return app;
}
}
For more details about the Login Endpoint implementation, review our Login Endpoint documentation.
Callback Endpoint
After a user authenticates, Wristband will redirect back to your application's Callback Endpoint. Your Callback Endpoint URL must match the callback URL you configured when you created your Wristband OAuth2 Client. It must also match the RedirectUri value of your SDK configuration.
// AuthRoutes.cs
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Wristband.AspNet.Auth;
public static class AuthRoutes
{
public static WebApplication MapAuthEndpoints(this WebApplication app)
{
...
// Callback Endpoint - The path can be any value you prefer, but it must match
// the path of your OAuth2 Client callback URL and the SDK RedirectUri path.
app.MapGet("/auth/callback", async (HttpContext httpContext, IWristbandAuthService wristbandAuth) =>
{
try
{
// Call the Wristband Callback() method to check if the user
// successfully authenticated. If the user did authenticate successfully,
// the user's tokens and claims can be retrieved from the callbackResult.
var callbackResult = await wristbandAuth.Callback(httpContext);
// For some edge cases, such as if an invalid grant was passed to the
// token API, the SDK will require a redirect to restart the login flow.
if (callbackResult.Result == CallbackResultType.REDIRECT_REQUIRED)
{
return Results.Redirect(callbackResult.RedirectUrl);
}
//
// Typically, this is where you would create your session and add CSRF
// handling, however, we'll ignore those topics for now, as they will be
// covered in more detail later in this guide.
//
// Once the Callback Endpoint has completed, we redirect to your app's
// default return URL (typically your app's home page) or to an explicit
// return URL, if one was specified in the original login request.
var appUrl = string.IsNullOrWhiteSpace(callbackResult.CallbackData.ReturnUrl)
? "<replace_with_a_default_return_url>"
: callbackResult.CallbackData.ReturnUrl;
return Results.Redirect(appUrl);
}
catch (Exception ex)
{
return Results.Problem(detail: $"Unexpected error: {ex.Message}", statusCode: 500);
}
});
...
return app;
}
}
For more details about the Callback Endpoint implementation, review our Callback Endpoint documentation.
Logout Endpoint
The Logout Endpoint is responsible for cleaning up any session data and tokens associated with your authenticated user. Your Logout Endpoint path can be any value you want.
// AuthRoutes.cs
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Wristband.AspNet.Auth;
public static class AuthRoutes
{
public static WebApplication MapAuthEndpoints(this WebApplication app)
{
...
// Logout Endpoint - The path can be any value you prefer.
app.MapGet("/auth/logout", async (HttpContext httpContext, IWristbandAuthService wristbandAuth) =>
{
//
// Typically, this is where you would delete state such as session and CSRF
// cookies. However, we'll ignore those topics for now, as they will be covered in
// more detail later in this guide.
//
try
{
// Call the Wristband Logout() method and use the returned URL to redirect
// to Wristband's Logout Endpoint. This will delete Wristband's session
// that is associated to the authenticated user. When Wristband is done
// logging out the user it will redirect back to your application's login
// URL or to the explicitly provided redirect URL.
var wristbandLogoutUrl = await wristbandAuth.Logout(httpContext, null);
return Results.Redirect(wristbandLogoutUrl);
}
catch (Exception ex)
{
return Results.Problem(detail: $"Unexpected error: {ex.Message}", statusCode: 500);
}
});
...
return app;
}
}
For more details about the Logout Endpoint implementation, review our Logout Endpoint documentation.
Map Auth Endpoints
After implementing the auth endpoints, make sure to map them to your application in your Program.cs file.
// Program.cs
...
// API routes
app.MapAuthEndpoints();
...
Updated 3 days ago
Next, let's test that your application can successfully redirect to Wristband's hosted login page.