Site Home
Guides
LoginTry for Free
Start typing to search…

Install Auth SDK

Learn how to configure the Wristband SDK for your Express application.

Installation

Install the Wristband Auth SDK using your preferred package manager CLI:

npm install @wristband/express-auth
yarn add @wristband/express-auth
pnpm add @wristband/express-auth

Configuration

Prerequisites

Before you can configure the SDK, you'll need to make sure you have the following values:

  • WRISTBAND_APPLICATION_VANITY_DOMAIN
  • WRISTBAND_CLIENT_ID
  • WRISTBAND_CLIENT_SECRET

If you went through the Set Up a Wristband Application guide, you should have been presented with these three values after the application was provisioned. If you don't have the above values on hand, you can retrieve them from the Wristband dashboard by following the steps in this guide.

Configure The SDK

Create an instance of WristbandAuth in the source root directory of your Express project (e.g.src/wristband.ts). Update the auth config properties with the values for your application.

⚙️

Disabling Secure Cookies in Local Development

By default, WristbandAuth creates secure cookies (for tracking login state), meaning they are only sent over HTTPS connections. Most browsers make an exception for localhost and allow secure cookies to be sent over HTTP (e.g., http://localhost). However, some browsers, such as Safari, enforce stricter rules and never send secure cookies over HTTP, even for localhost.

If you need to disable the secure cookies for local development, set dangerouslyDisableSecureCookies: true in your auth config properties. However, be sure to re-enable secure cookies before deploying to production.

// src/wristband.ts

import { createWristbandAuth } from '@wristband/express-auth';

export const wristbandAuth = createWristbandAuth({
  clientId: '<WRISTBAND_CLIENT_ID>',
  clientSecret: '<WRISTBAND_CLIENT_SECRET>',
  wristbandApplicationVanityDomain: '<WRISTBAND_APPLICATION_VANITY_DOMAIN>',
});
// src/wristband.ts

import { createWristbandAuth } from '@wristband/express-auth';

export const wristbandAuth = createWristbandAuth({
  clientId: '<WRISTBAND_CLIENT_ID>',
  clientSecret: '<WRISTBAND_CLIENT_SECRET>',
  wristbandApplicationVanityDomain: '<WRISTBAND_APPLICATION_VANITY_DOMAIN>',
  dangerouslyDisableSecureCookies: true,
});

Updated 10 days ago

What’s Next

Next, we’ll add session middleware to manage authenticated user sessions.