Authentication - Backend Server

A high-level overview of how authentication works with a backend server.

Login

Steps:

  1. The user clicks the Login button on your website or application.
  2. The user is sent to the Login Endpoint implemented by your backend server.
  3. The backend server creates an Authorization Request and redirects the user to the Wristband Authorize Endpoint.
  4. Wristband validates and records the Authorization Request and redirects the user to the Wristband-hosted Login Page.
  5. The user provides their credentials to authenticate.
  6. The Login Page redirects to your application's Callback Endpoint with an authorization code.
  7. The Callback Endpoint calls Wristband's Token Endpoint to exchange the authorization code for an access token.
  8. The Callback Endpoint establishes an application session and sets a session cookie.
  9. The user is redirected to your application's entry point.

Password Login Flow
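
The backend half of the login steps above (3 and 6 through 8), as an added example that is not Wristband's own code or SDK. It goes beyond the page by assuming the standard OAuth 2.0 `state` parameter and PKCE (RFC 7636) on the Authorization Request; the URLs, client id and function names are hypothetical placeholders.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed placeholders, not real Wristband URLs or client identifiers.
AUTHORIZE_URL = "https://auth.example.invalid/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.invalid/callback"

def begin_login():
    """Step 3: build the Authorization Request redirect.
    Returns (url, pending); keep `pending` server-side until the callback."""
    state = secrets.token_urlsafe(32)        # binds the callback to this browser
    verifier = secrets.token_urlsafe(64)     # PKCE code_verifier (RFC 7636)
    digest = hashlib.sha256(verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    return f"{AUTHORIZE_URL}?{query}", {"state": state, "code_verifier": verifier}

def handle_callback(callback_url, pending):
    """Steps 6-7: validate the callback, return the token-exchange form body."""
    params = parse_qs(urlparse(callback_url).query)
    state = params.get("state", [""])[0]
    code = params.get("code", [""])[0]
    # Reject callbacks with no matching login in progress (login CSRF).
    if pending is None or not hmac.compare_digest(
            state.encode(), pending["state"].encode()):
        raise ValueError("state mismatch")
    if not code:
        raise ValueError("missing authorization code")
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "code_verifier": pending["code_verifier"],
    }

def session_cookie(session_id):
    """Step 8: Set-Cookie value; HttpOnly and Secure keep the id away from
    scripts and plaintext HTTP, SameSite=Lax limits cross-site sends."""
    return f"session={session_id}; Path=/; HttpOnly; Secure; SameSite=Lax"
```

The dictionary returned by `handle_callback` is what the Callback Endpoint would POST to the Token Endpoint together with its client credentials; `pending` should be discarded after one use.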


Logout

Steps:

  1. The user clicks the Logout button within your application.
  2. The user is sent to the Logout Endpoint of your backend server.
  3. The backend server destroys the session cookie.
  4. The backend server calls the Revoke Token Endpoint to revoke the refresh token.
  5. The user is redirected to the Wristband Logout Endpoint.
  6. Wristband destroys the authentication session and redirects the user to your application's Login Endpoint.

Backend Server Logout Flow