Ruby
Authenticate requests and manage Passage users with Ruby.
To use the Passage Ruby SDK, you'll need your Passage App ID. You can create a new Passage App in the console.
The Ruby SDK can be installed from the command line:
gem install passageidentity
A Ruby on Rails server can easily authenticate an HTTP request using the
passageidentity
gem, available via RubyGems. The example below shows a Rails application that uses Passage to authorize requests.require 'passageidentity'
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
Passage = Passage::Client.new(
app_id: Rails.application.config.passage_app_id
)
def authorize!
begin
request.to_hash()
@user_id = Passage.auth.authenticate_request(request)
session[:psg_user_id] = @user_id
rescue Exception => e
# unauthorized
redirect_to "/unauthorized"
end
end
end
Then routes are protected using a
before_action
.class DashboardController < ApplicationController
before_action :authorize!, except: %i[unauthorized]
def authorized
@user = session[:psg_user_id]
end
def unauthorized
end
end
By default, Passage looks for the user JWT from a cookie that is set by the Passage Element (
psg_auth_token
). If your application uses Authorization headers instead, you can pass the following option to Passage.psg = Passage::Client.new(
app_id: PASSAGE_APP_ID,
auth_strategy: Passage::HEADER_STRATEGY
)
Note: If you are not building with Rails, you should use the
authenticate_jwt
method and extract the JWT from the header yourself in the authorize
function.It is important to remember that
Passage.auth.authenticate_request(request)
validates that a request is properly authenticated, but an additional authorization check is often required. You should use the Passage User ID to store role information and make authorization decisions.
before_action :authorize!, except: %i[unauthorized]
def authorized
@user = session[:psg_user_id]
authorized = authorizationCheck(@user)
if authorized
# Successful authentication and authorization. Proceed ...
The Passage SDK provides a way to retrieve information about an app.
require 'passageidentity'
PassageClient = Passage::Client.new(
app_id: PASSAGE_APP_ID,
)
passageAppInfo = PassageClient.get_app()
puts passageAppInfo
In addition to authenticating requests, the Passage SDK also provides a way to securely manage your users. These functions require authentication using a Passage API key. API keys can be managed in the Passage Console.
Passage API Keys are sensitive! You should store them securely along with your other application secrets.
The functionality currently available on a user is:
- Get a user's information (including any defined user metadata fields)
- Activate or deactivate a user (a deactivated user will not be able to log in)
- Update a user's information (email address or phone number)
- Delete a user
- Create a user
Get
Activate/Deactivate
Delete
Create
Update
PassageClient = Passage::Client.new(
app_id: PASSAGE_APP_ID,
api_key: PASSAGE_API_KEY
)
user = PassageClient.user.get(user_id: @user_id)
require 'passageidentity'
PassageClient = Passage::Client.new(
app_id: PASSAGE_APP_ID,
api_key: PASSAGE_API_KEY
)
user = PassageClient.user.deactivate(user_id: user_id)
user = PassageClient.user.activate(user_id: user_id)
require 'passageidentity'
PassageClient = Passage::Client.new(
app_id: PASSAGE_APP_ID,
api_key: PASSAGE_API_KEY
)
user = PassageClient.user.delete(user_id: user_id)
require 'passageidentity'
PassageClient = Passage::Client.new(
app_id: PASSAGE_APP_ID,
api_key: PASSAGE_API_KEY
)
user = PassageClient.user.create(email: "[email protected]")
user = PassageClient.user.create(phone: "+15005550007")
require 'passageidentity'
PassageClient = Passage::Client.new(
app_id: PASSAGE_APP_ID,
api_key: PASSAGE_API_KEY
)
user = PassageClient.user.update(
user_id: user_id,
email: "[email protected]"
)
All fields available in a Passage User object are listed below:
Field | Type |
id | string |
email | string |
phone | string |
active | boolean |
email_verified | boolean |
created_at | datetime |
last_login_at | datetime |
webauthn | boolean |
user_metadata | map |
webauthn_devices | array of strings (e.g. "Mac OS X") |
recent_events | array of PassageEvents |
The functionality currently available is:
- List all devices for a user
- Revoke a particular device from a user
List Devices
Revoke Device
require 'passageidentity'
PassageClient = Passage::Client.new(
app_id: PASSAGE_APP_ID,
api_key: PASSAGE_API_KEY
)
devices = PassageClient.user.list_devices(user_id: user_id)
require 'passageidentity'
PassageClient = Passage::Client.new(
app_id: PASSAGE_APP_ID,
api_key: PASSAGE_API_KEY
)
PassageClient.user.delete_device(
user_id: user_id,
device_id: device_id
)
The Ruby SDK can be used to generate custom magic links for users, that can be embedded into any content medium. To learn more, see our full guide on Embedded Magic Links.
require 'passageidentity'
PassageClient = Passage::Client.new(
app_id: PASSAGE_APP_ID,
api_key: PASSAGE_API_KEY
)
magic_link = PassageClient.create_magic_link(user_id: user_id)
magic_link = PassageClient.create_magic_link(
email: "[email protected]",
send: true,
channel: Passage::EMAIL_CHANNEL,
ttl: 120
)
Last modified 2mo ago