Correlating Users Between Passage and Your Database
Introduction
Once you've added Passage authentication to your application, you need to be able to retrieve data about or perform actions on your users all while ensuring they are properly authenticated. In this guide, we will walk through the easiest way to correlate a Passage User with a user of your application.
Authenticating Users
Each Passage SDK has an authenticateRequest
function that is used to verify Passage Auth Tokens in your backend application before allowing requests to proceed. Most commonly, this is done in a middleware function for all requests that require authentication.
The authenticateRequest
function in the Passage SDK returns the Passage User ID, which should be set in the request context so that it can be accessed throughout the code processing the request.
Node.js
import Passage from '@passageidentity/passage-node';
// passage middleware
let passage = new Passage(passageConfig);
let passageAuthMiddleware = (() => {
return async (req, res, next) => {
try {
let userID = await passage.authenticateRequest(req);
if (userID) {
// user is authenticated
res.userID = userID;
next();
}
} catch (e) {
// unauthorized
}
};
})();
// authenticated route that uses middleware
app.get('/auth', passageAuthMiddleware, async (req, res) => {
let userID = res.userID;
// proceed
});
Go
import (
"net/http"
"github.com/go-chi/chi/v5"
"github.com/passageidentity/passage-go"
)
// example using Chi router
func (a *API) Handler() http.Handler {
r := chi.NewRouter()
r.Use(passageMiddleware)
r.Route("/auth", exampleHandler)
return r
}
// middleware that authenticates requests and sets
// passage user id in context
func (a *API) passageMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
psg, _:= passage.New("<PASSAGE_APP_ID>", nil)
user, err := psg.AuthenticateRequest(r)
if err != nil {
// unauthorized
}
ctx := context.WithValue(r.Context(), ctxPassageUser, user)
next.ServeHTTP(w, r.WithContext(ctx))
})
}
// example handler that uses passage middleware
func exampleHandler(w http.ResponseWriter, r *http.Request) {
userID := r.Context().Value(ctxPassageUser).(string)
// ✅ Authentication successful. Proceed...
}
Python
from flask import Blueprint, g, render_template, request
from passageidentity import Passage, PassageError
@auth.before_request
def before_request():
try:
g.user = psg.authenticateRequest(request)
except PassageError as e:
# unauthorized
return render_template('unauthorized.html')
@auth.route('/authenticated', methods=['GET'])
def auth():
# g.user will be set to the passage user id here
# ... add logic here ...
Creating Users in Your Database
When users register for your application, Passage will create an account for them. You can choose to just use the middleware above and access user data on demand from Passage.
More likely, you will will want a record of the user in your database when they are created so that you can reference a Passage user by ID at any time. Let's say you have a database model that looks like this, where a user has a "name" field and a "passage_id" field that corresponds to their Passage ID.
class User(db.Model):
id = db.Column(db.Integer, primary_key = True)
name = db.Column(db.String(100))
passage_id = db.Column(db.String(32), primary_key = True)
You will then add a createUser
endpoint that will add a user to your database.
auth.route('/user', methods=['POST'])
def createUser():
# g.user will be set to the Passage user id
u = User()
u.passage_id = g.user
# commit to database
db.session.add(u)
db.session.commit()
return jsonify({"result": 200})
Then create an onSuccess
callback on your Passage Register element that will send user data to the above endpoint once a user has been created successfully. Add the following code to a script tag just after the Passage Register element.
<passage-register app-id="{{psg_app_id}}"></passage-register>
<script src="https://cdn.passage.id/passage-elements/v2.x/passage-elements.js"></script>
<script>
const onSuccess = (authResult) =>{
document.cookie = "psg_auth_token=" + authResult.authToken + ";path=/";
const urlParams = new URLSearchParams(window.location.search)
const magicLink = urlParams.has('psg_magic_link') ? urlParams.get('psg_magic_link') : null
if (magicLink !== null) {
new Promise((resolve) => {
setTimeout(resolve, 3000)
}).then( ()=>{ window.location.href = authResult.redirectURL;})
return;
}
$.ajax({
type: "POST",
async: false,
url: "{{api_url}}/user",
data: JSON.stringify({}), // could include other data here
contentType: "application/json",
dataType: 'json'
});
window.location.href = authResult.redirectURL;
}
</script>
A common use case for this is customizing registration data, which you can find an example of here.
Accessing User Data
In any functions that use the Passage middleware above, you can use the Passage User ID to refer to the user. We recommend storing the Passage User ID in your own users table to be able to reference at any time. You can use the user ID to get and update user information (e.g. email address) from your application.
An example User model might look like this, where a user has a "name" field and a "passage_id" field that corresponds to their Passage ID.
class User(db.Model):
id = db.Column(db.Integer, primary_key=True)
name = db.Column(db.String(100))
passage_id = db.Column(db.String(24), index=True)
To access data about a user, you can query the User table by passage_id
in any route that is authenticated with Passage and you can use the Passage SDK to query for any Passage-specific user data (like email address or phone number).
@auth.route('/dashboard', methods=['GET'])
def dashboard():
# g.user should be set here to the Passage user ID
# use Passage user ID to get user record in DB
user = User.query.filter_by(passage_id=g.user).first()
# use Passage SDK to get info stored in Passage (email)
psg_user = psg.getUser(g.user)
return render_template('dashboard.html', name=user.name, email=psg_user.email)