Add Auth Endpoints

To implement login and logout flows with Wristband, you'll need to use the Wristband SDK to create the following four endpoints in your Go application:

Login Endpoint
Callback Endpoint
Logout Endpoint
Session Endpoint

Login Endpoint

The Login Endpoint initiates login requests to Wristband. It constructs the authorization request and redirects the user to Wristband's Authorize Endpoint. From there, the user is directed to Wristband's hosted login page to complete the login process.

Below is a code snippet showing how to use Wristband's SDK to implement the Login Endpoint.

// The SDK provides a pre-built login handler
http.Handle("/api/auth/login", app.LoginHandler())

Callback Endpoint

After the user successfully authenticates, Wristband redirects to your application's Callback Endpoint. The SDK's CallbackHandler exchanges the authorization code for tokens, fetches user information, and creates the application session.

You can configure where the user is redirected after a successful login using goauth.WithCallbackRedirectURL. Below is a code snippet showing how to use Wristband's SDK to implement the Callback Endpoint.

// The SDK provides a pre-built callback handler.
http.Handle("/api/auth/callback",
  app.CallbackHandler(
    // Replace with your own default return URL.
    goauth.WithCallbackRedirectURL("http://localhost:5173/home"),
  ),
)

Logout Endpoint

When a user logs out of your application, you must ensure that all authenticated state associated with the user is cleared. The Logout Endpoint performs three tasks to accomplish this:

Clear the application's local session state.
Revoke any refresh tokens associated with the user.
Redirect to Wristband's Logout Endpoint to terminate the user's Wristband auth session.

Below is a code snippet showing how to use Wristband's SDK to implement the Logout Endpoint.

// The SDK provides a pre-built logout handler
http.Handle("/api/auth/logout", app.LogoutHandler())

Session Endpoint

The Session Endpoint verifies that an incoming request contains a valid session and, if so, returns a response that includes the user's session data. This endpoint is used primarily by the frontend for the following two purposes:

To allow the frontend to determine whether the user has a valid session.
To provide the frontend with the user's session data for use within the browser.

Below is a code snippet showing how to use Wristband's SDK to implement the Session Endpoint.

⚠️
Important: This endpoint must be protected with authentication middleware.

// Apply the auth middleware to the session handler
http.Handle("/api/auth/session", authMiddlewares.Apply(app.SessionHandler()))

You can also include custom metadata in the session response using the WithSessionMetadataExtractor option:

http.Handle(
  "/api/auth/session",
  authMiddlewares.Apply(app.SessionHandler(
    goauth.WithSessionMetadataExtractor(
      func(session goauth.Session) any {
        return map[string]any{
          "email": session.UserInfo.Email,
          "tenantName": session.TenantName,
        }
      },
    ),
  )),
)

Map Auth Endpoints

After implementing the auth endpoints, make sure to include them in your Go application main.go file.

// main.go

package main

import (
  "log"
  "net/http"

  goauth "github.com/wristband-dev/go-auth"
)

func main() {
  cfg := goauth.NewAuthConfig(
    "<WRISTBAND_CLIENT_ID>",
    "<WRISTBAND_CLIENT_SECRET>",
    "<WRISTBAND_APPLICATION_VANITY_DOMAIN>",
    goauth.WithDangerouslyDisableSecureCookies(),
  )
  auth, err := cfg.WristbandAuth()
  if err != nil {
    // Handle error
  }
  sessionManager := NewSessionStore("<your-generated-secret>", true)
  app := wristbandAuth.NewApp(sessionManager)
  authMiddlewares := goauth.Middlewares{
    app.RequireAuthentication
  }

  // ADD: Register auth endpoints
  http.Handle("/api/auth/login", app.LoginHandler())
  http.Handle(
    "/api/auth/callback",
    app.CallbackHandler(
      goauth.WithCallbackRedirectURL("<default_return_url>")
    )
  )
  http.Handle("/api/auth/logout", app.LogoutHandler())
  http.Handle(
    "/api/auth/session",
    authMiddlewares.Apply(app.SessionHandler())
  )

  // Start the server
  log.Println("Server starting on :8080")
  log.Fatal(http.ListenAndServe(":8080", nil))
}

Register Your Login Endpoint and Callback Endpoint With Wristband

For several authentication flows, Wristband will need to redirect to your application's Login Endpoint and Callback Endpoint. Therefore, we need to inform Wristband of the URLs for these two endpoints. To do that, we'll need to update the following two fields within the Wristband dashboard:

Client Redirect URIs
Application Login URL

In the sections below, we'll go over how to update these two fields.

Updating the Application Login URL

To update the Application Login URL, follow these steps.

From the Dashboard Home Page, select the appropriate application.
Next, on the Application Settings page, locate the Login URL field and set its value to the URL of your application's Login Endpoint. When you are finished, click the "Save" button.

Updating the Client Redirect URIs

To update the Client Redirect URIs, follow these steps.

Select "OAuth2 Clients" from the left navigation bar, then select the client whose ID matches the client ID that was registered with the SDK.
On the Edit Client page, navigate to the Redirect URIs section and click the "Add+" button. Then enter the URL of your application's Callback Endpoint. When you are finished, click the "Save" button.

On the Edit Client page, navigate to the Redirect URIs section and click the "Add+" button. Then enter the URL of your application's Callback Endpoint. When you are finished, click the "Save" button.