Add Auth Endpoints

Learn how to create the auth endpoints needed to integrate your application with Wristband.

To implement login and logout flows with Wristband, you'll need to use the Wristband SDK to create the following four endpoints in your Go application:

  • Login Endpoint
  • Callback Endpoint
  • Logout Endpoint
  • Session Endpoint

Login Endpoint

The Login Endpoint initiates login requests to Wristband. It constructs the authorization request and redirects the user to Wristband's Authorize Endpoint. From there, the user is directed to Wristband's hosted login page to complete the login process.

Below is a code snippet showing how to use Wristband's SDK to implement the Login Endpoint.

Login Endpoint

// The SDK provides a pre-built login handler
http.Handle("/api/auth/login", app.LoginHandler())

Callback Endpoint

After the user successfully authenticates, Wristband redirects to your application's Callback Endpoint. The SDK's CallbackHandler exchanges the authorization code for tokens, fetches user information, and creates the application session.

Below is a code snippet showing how to use Wristband's SDK to implement the Callback Endpoint.

Callback Endpoint

// The SDK provides a pre-built callback handler
http.Handle("/api/auth/callback", app.CallbackHandler())

Logout Endpoint

When a user logs out of your application, you must ensure that all authenticated state associated with the user is cleared. The Logout Endpoint performs three tasks:

  1. Redirect to Wristband's Logout Endpoint to terminate the user's Wristband auth session.
  2. Revoke any refresh tokens associated with the user.
  3. Clear the application's local session state.

Below is a code snippet showing how to use Wristband's SDK to implement the Logout Endpoint.

Logout Endpoint

// The SDK provides a pre-built logout handler
http.Handle("/api/auth/logout", app.LogoutHandler())

Session Endpoint

The Session Endpoint verifies that an incoming request contains a valid session and, if so, returns a response that includes the user's session data. This endpoint is used primarily by the frontend for the following two purposes:

  1. To provide the frontend with the user's session data for use within the browser.
  2. To allow the frontend to determine whether the user has a valid session.

Below is a code snippet showing how to use Wristband's SDK to implement the Session Endpoint.

⚠️ Important: This endpoint must be protected with authentication middleware.

Session Endpoint

// Create middleware chain for protected endpoints
middlewares := goauth.Middlewares{
    app.RequireAuthentication,
    goauth.CacheControlMiddleware,
}

// Apply middleware to the session handler
http.Handle("/api/session", middlewares.Apply(app.SessionHandler()))
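To check the protection requirement above, the following standard-library-only program (an added example, not part of the Wristband SDK or its documentation) probes `/api/session` with and without a session cookie. `requireAuth`, `noStore` and `sessionData` are hypothetical stand-ins for `app.RequireAuthentication`, `goauth.CacheControlMiddleware` and `app.SessionHandler()`; the `session` cookie name, the 401 response and the `no-store` value are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

const validCookie = "constructed-valid-session" // constructed sample value

// requireAuth stands in for app.RequireAuthentication (assumed to answer 401).
func requireAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if c, err := r.Cookie("session"); err != nil || c.Value != validCookie {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// noStore stands in for goauth.CacheControlMiddleware (assumed to set no-store).
func noStore(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Cache-Control", "no-store")
		next.ServeHTTP(w, r)
	})
}

// sessionData stands in for app.SessionHandler(); the body is constructed data.
func sessionData(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, `{"userId":"constructed-user"}`) }

// protectedSession wraps the handler with both stand-ins, auth check outermost.
func protectedSession() http.Handler { return requireAuth(noStore(http.HandlerFunc(sessionData))) }

// probe sends GET /api/session (cookie optional) and returns status and Cache-Control.
func probe(h http.Handler, cookie string) (int, string) {
	req := httptest.NewRequest(http.MethodGet, "/api/session", nil)
	if cookie != "" {
		req.AddCookie(&http.Cookie{Name: "session", Value: cookie})
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("Cache-Control")
}

func main() {
	fmt.Println(probe(protectedSession(), ""))          // no session cookie
	fmt.Println(probe(protectedSession(), validCookie)) // valid session cookie
}
```

The same `probe` helper can be pointed at the handler you register for `/api/session` in your own tests to confirm that a request without a session is not answered with session data.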

You can also include custom metadata in the session response using the WithSessionMetadataExtractor option:

Session Endpoint With Custom Metadata

http.Handle("/api/session", goauth.RequireAuthentication(
    app.SessionHandler(goauth.WithSessionMetadataExtractor(func(sess goauth.Session) any {
        // Extra fields to include in the session response
        return map[string]any{
            "email":      sess.UserInfo.Email,
            "tenantName": sess.TenantName,
        }
    })),
))

Map Auth Endpoints

After implementing the auth endpoints, make sure to include them in your Go application file.

Map Auth Endpoints

// main.go

package main

import (
    "log"
    "net/http"

    goauth "github.com/wristband-dev/go-auth"
)

func main() {
    // Initialize Wristband auth
    initWristband()

    // Create session manager
    sessionManager := NewGorillaSessionManager()

    // Create the Wristband app
    app := wristbandAuth.NewApp(sessionManager)

    // Define middleware chain
    middlewares := goauth.Middlewares{
        app.RequireAuthentication,
        goauth.CacheControlMiddleware,
    }

    // Register auth endpoints
    http.Handle("/api/auth/login", app.LoginHandler())
    http.Handle("/api/auth/callback", app.CallbackHandler())
    http.Handle("/api/auth/logout", app.LogoutHandler())
    http.Handle("/api/session", middlewares.Apply(app.SessionHandler()))

    // Start the server
    log.Println("Server starting on :8080")
    log.Fatal(http.ListenAndServe(":8080", nil))
}

Register Your Login Endpoint and Callback Endpoint With Wristband

For several authentication flows, Wristband will need to redirect to your application's Login Endpoint and Callback Endpoint. Therefore, we need to inform Wristband of the URLs for these two endpoints. To do that, we'll need to update the following two fields within the Wristband dashboard:

  • Client Redirect URIs
  • Application Login URL

In the sections below, we'll go over how to update these two fields.

Updating the Application Login URL

To update the Application Login URL, follow these steps.

  1. From the Dashboard Home Page, select the appropriate application.

  2. Next, on the Application Settings page, locate the Login URL field and set its value to the URL of your application's Login Endpoint. When you are finished, click the "Save" button.


Updating the Client Redirect URIs

To update the Client Redirect URIs, follow these steps.

  1. Select "OAuth2 Clients" from the left navigation bar, then select the client whose ID matches the client ID that was registered with the SDK.

  2. On the Edit Client page, navigate to the Redirect URIs section and click the "Add+" button. Then enter the URL of your application's Callback Endpoint. When you are finished, click the "Save" button.


What’s Next

Now that your authentication endpoints are set up and configured, let's verify that they're working correctly.