Search…
Node.js
Authenticate requests and manage Passage users with Node.js.
To use the Passage Node.js SDK, you'll need your Passage App ID. You can create a new Passage App in the console.
The Passage Node.js SDK is designed for Node apps using Express.js.

Authenticating Requests

Passage makes it easy to associate an HTTP request with an authenticated user. The following code can be used to validate that a request was made by an authenticated user.
1
import Passage from "@passageidentity/passage-node";
2
​
3
// Passage requires an App ID and, optionally, an API Key
4
const passageConfig = {
5
appID: process.env.PASSAGE_APP_ID,
6
apiKey: process.env.PASSAGE_API_KEY,
7
};
8
​
9
// Authentication using Passage class instance
10
let passage = new Passage(passageConfig);
11
app.get("/authenticatedRoute", async(req, res) => {
12
try {
13
// Authenticate request using Passage
14
let userID = await passage.authenticateRequest(req, res);
15
if (userID) {
16
// User is authenticated
17
let userData = await passage.user.get(userID);
18
console.log(userData);
19
}
20
} catch (e) {
21
// Authentication failed
22
console.log(e);
23
res.send("Authentication failed!");
24
}
25
});
Copied!

Authenticating a Request With Express.js Middleware

If you use Express.js, Passage provides a middleware that can be used directly. This middleware will authenticate a request and return a 401 Unauthorized if the token is invalid. If it succeeds, the Passage User ID will be available in the response. The following code shows how the Passage middleware can be used in an Express.js application.
1
import Passage from "@passageidentity/passage-node";
2
​
3
const passageConfig = {
4
appID: process.env.PASSAGE_APP_ID,
5
apiKey: process.env.PASSAGE_API_KEY,
6
};
7
​
8
// example of passage middleware
9
let passage = new psg(passageConfig);
10
let passageAuthMiddleware = (() => {
11
return async (req, res, next) => {
12
try {
13
let userID = await passage.authenticateRequest(req);
14
if (userID) {
15
// user authenticated
16
res.userID = userID;
17
next();
18
}
19
} catch(e) {
20
// failed to authenticate
21
// we recommend returning a 401 or other "unauthorized" behavior
22
console.log(e);
23
res.status(401).send('Could not authenticate user!');
24
}
25
}
26
})();
27
​
28
app.get("/authenticatedRoute", passageAuthMiddleware, async(req, res) => {
29
let userID = res.userID
30
// do authenticated things...
31
});
Copied!

User Management

In addition to authenticating requests, the Passage Node SDK also provides a way to securely manage your users. These functions require authentication using a Passage API key. API keys can be managed in the Passage Console.
The functionality currently available on a user is:
  • Get a user's information
  • Activate or deactivate a user (a deactivated user will not be able to log in)
  • Update a user's information (email address or phone number)
Passage API Keys are sensitive! You should store them securely along with your other application secrets.
Get User
Activate / Deactivate User
Update User
1
import Passage from "@passageidentity/passage-node";
2
​
3
const passageConfig = {
4
appID: process.env.PASSAGE_APP_ID,
5
apiKey: process.env.PASSAGE_API_KEY,
6
};
7
​
8
let passage = new Passage(passageConfig);
9
//
10
//...middleware here...
11
//
12
​
13
app.get("/authenticatedRoute", passageAuthMiddleware, async(req, res) => {
14
let userID = res.userID;
15
let passageUser = await passage.user.get(userID);
16
console.log(passageUser.email)
17
});
18
​
Copied!
1
import Passage from "@passageidentity/passage-node";
2
​
3
const passageConfig = {
4
appID: process.env.PASSAGE_APP_ID,
5
apiKey: process.env.PASSAGE_API_KEY,
6
};
7
​
8
let passage = new Passage(passageConfig);
9
//
10
//...middleware here...
11
//
12
​
13
app.get("/authenticatedRoute", passageAuthMiddleware, async(req, res) => {
14
let userID = res.userID;
15
let passageUser = await passage.user.deactivate(userID);
16
console.log(passageUser.active)
17
});
Copied!
1
import Passage from "@passageidentity/passage-node";
2
​
3
const passageConfig = {
4
appID: process.env.PASSAGE_APP_ID,
5
apiKey: process.env.PASSAGE_API_KEY,
6
};
7
​
8
let passage = new Passage(passageConfig);
9
//
10
//...middleware here...
11
//
12
​
13
app.get("/authenticatedRoute", passageAuthMiddleware, async(req, res) => {
14
let userID = res.userID;
15
let passageUser = await passage.user.update({
16
17
phone: "+15005550006"
18
});
19
console.log(passageUser.email)
20
console.log(passageUser.phone)
21
});
Copied!
All fields available in a Passage User object are listed below:
Field
Type
id
string
email
string
phone
string
active
boolean
email_verified
boolean
created_at
datetime
last_login_at
datetime
webauthn
boolean
webauthn_devices
array of string (e.g. "Mac OS X")
recent_events
array of PassageEvents
​
Last modified 28d ago