Add Auth Middleware

To protect your application endpoints, you'll need to create an authentication middleware instance. Later in this guide, you'll use that middleware on your Express routes to enforce authentication on incoming requests.

Create Auth Middleware

Create an authentication middleware instance in your Wristband configuration file using the createAuthMiddleware() function. This middleware uses the SESSION authentication strategy, so any Express route it's applied to will require incoming requests to include a valid session cookie. The example below shows how to create the middleware instance.

// src/wristband.ts

import { createWristbandAuth } from '@wristband/express-auth';
import { createWristbandSession } from '@wristband/express-auth/session';

export const wristbandAuth = createWristbandAuth({
  clientId: '<WRISTBAND_CLIENT_ID>',
  clientSecret: '<WRISTBAND_CLIENT_SECRET>',
  wristbandApplicationVanityDomain: '<WRISTBAND_APPLICATION_VANITY_DOMAIN>',
});

const sessionOptions = { secrets: '<your-generated-secret>' };

export function wristbandSession() {
  return createWristbandSession(sessionOptions);
}

// NEW: Create an auth middleware instance that can be applied to Express 
// routes to enforce authentication.
export const requireWristbandAuth = wristbandAuth.createAuthMiddleware({
  authStrategies: ['SESSION'],
  sessionConfig: { sessionOptions },
});