Test Auth Flows

🤔

Tests not working?

If you get stuck, contact us and our development team will work directly with you to get unblocked.

Now that you've implemented your authentication endpoints, let's test some basic authentication flows to verify that everything is working correctly.

Test 1: Verify Signup Flow

First, we'll test the Application-Level Signup flow. To do so, please perform the following steps:

1. Select your application from the Dashboard Home Page.

2. On the Application Settings page, scroll down to the Application URLs section and click the header to expand the accordion menu. Within the Application URLs section, click the external link icon next to the Application-level Signup URL field.

3. After clicking the external link icon, a new browser tab will open showing the Application-Level Signup page. Fill out the following fields on that page:

   1. Tenant Name - Application-level signup creates a new tenant under your application. This will be the name of the tenant that is created.
   2. Email - A valid email address under your possession. To complete the signup process, you'll need to view an activation email sent to this address.
   3. Password - The password that you will use to log in.

   When finished, click the "Sign Up" button.

4. Next, you should get an email containing a one-time code. Enter the code into the Verification Code form field and then click the "Verify" button.

5. If the signup process succeeds, you'll be redirected to the URL you specified as the final redirect in your Callback Endpoint (set up in the Add Auth Endpoints step). This is typically your application's home page.

Congratulations, you just completed the Application-Level Signup flow! Behind the scenes, the following operations were performed.

1. A new tenant was created under your application with the "Tenant Name" that you provided.
2. A new user was created under the tenant with the email and password that you specified.
3. The user was activated using an email containing a verification code.
4. A Wristband auth session was created for the user.

Test 2: Verify Login Flow

Next, let's test the user login flow. Before doing so, ensure the user you just created doesn't have any active Wristband auth sessions (they likely do if you have just completed the signup flow). If an active session exists, the user will be automatically authenticated when navigating to their tenant login page, bypassing the login screen (which we don't want for this test).

Clearing the User's Active Auth Sessions

To clear the user's active auth sessions, perform the following steps:

1. Select your application from the Dashboard Home Page.

2. Next, select "Users" from the navigation bar and then select the user that was created through the signup process from the Users table.

3. On the Edit User screen, scroll down to the Active Auth Sessions section and click the "Delete Sessions" button.

Perform User Login

Now that we've cleared the user's active auth sessions, we can test the login flow. To do so, please perform the following steps:

1. Select your application from the Dashboard Home Page.

2. On the Application Settings page, scroll down to the Application URLs section and click the header to expand the accordion menu. Within the Application URLs section, click the external link icon next to the Application-level Login URL field.

3. After clicking the external link icon, a new browser tab will open to the Application-Level Login page. This page lists the tenants you've previously authenticated with. Click the "Select" button next to the tenant you created during the signup flow.

4. You should now see the login page for the selected tenant. Enter your email and password for the user you created during the signup flow, then click the "Log In" button.

5. If the login process succeeds, you'll be redirected to the URL you specified as the final redirect in your Callback Endpoint (set up in the Add Auth Endpoints step). This is typically your application's home page.

Test 3: Verify Auth Session

After successfully logging in, your user should now have an active Wristband auth session. If you revisit the tenant login page, Wristband will detect your user's active session and skip the login screen that prompts for credentials. To test this behavior, please perform the following steps:

1. Enter your application-level login URL into your browser to navigate to the Application-Level Login page. If you don't have your application-level login URL on hand, you can find it on the Application Settings page, under the Application URLs section.

2. On the Application-Level Login page, you'll see a list of tenants you've previously authenticated with. Click the "Select" button next to the tenant you previously logged in to. This will redirect you to that tenant's login page.

3. Since your user already has an active auth session for this tenant, you should not be prompted for credentials. Instead, you'll automatically be logged in and redirected to the URL specified at the end of your Callback Endpoint, which is typically your application's home page.

Test 4: Verify Logout

Now, let's run the logout flow to terminate your user's Wristband auth session. To execute the logout flow, perform the following steps:

1. In your browser's address bar, enter the URL of your Logout Endpoint (e.g., http://localhost:3001/auth/logout) and press Enter to navigate to it. This will cause the logic within your Logout Endpoint to execute.
2. At the end of the logout flow, you should be redirected to your tenant's login page.

3. The fact that the tenant login page is now prompting for your credentials indicates that your user's auth session has been terminated and that the logout flow executed successfully.

If you've reached this point, congratulations! Your auth endpoints are working correctly. 🎉