Quickstart: Embedded Login

Go from zero to fully passwordless authentication in just a few minutes with Passage by 1Password.

You can follow along with one of our example apps found on Github.

Embedded User Authentication with Passage

Here's what is covered in this quick start guide:

1. Create an app in the Passage Console
2. Add Passage Element to your frontend
3. Implement authorization middleware using backend SDK
4. Done!

Create an app in the Passage Console

To create an app, first login or create an account for the Passage Console. When you first sign up, you will be redirected to your homepage that includes an example application to explore. To create your first new application, select the "Create New App" button on the home page and the "Embedded login experience" option.

Give your application a name and then provide the following fields:

• Authentication Origin - the domain that Passage will run on
• Redirect URL - the path you want to direct users to after successful login

For example, if you are building a local test app, your settings will probably look something like this:

• Authentication Origin - http://localhost:8080
• Redirect URL - /dashboard or /

Once you've created your application, copy the Application ID from the dashboard.

Add a Passage Element to your frontend

A Passage Element provides a complete UI/UX for users to register and login with biometrics or Magic Links.

In your web app, add the following code wherever you want your users to register or login. If you created a Passage account, you can include your Application ID that you copied in the last step:

<passage-auth app-id="PASTE PASSAGE APP ID HERE"></passage-auth>
<script src="https://cdn.passage.id/passage-elements/v2.x/passage-elements.js"></script>

You can now reload your webpage to see fully functional user authentication!

Implement authorization middleware

After your users sign in with a Passage Element, you can use a Passage backend library to authenticate their requests. The code snippets below demonstrate how to use Passage to authenticate requests:

Go

To use Passage in your Go application, run:

go get github.com/passageidentity/passage-go

at the command line.

import (
	"net/http"
 
	"github.com/passageidentity/passage-go"
)
 
func exampleHandler(w http.ResponseWriter, r *http.Request) {
 
	// Authenticate this request using the Passage SDK:
	psg, _ := passage.New("<PASSAGE_APP_ID>", nil)
	_, err := psg.AuthenticateRequest(r)
	if err != nil {
		// 🚨 Authentication failed!
		w.WriteHeader(http.StatusUnauthorized)
		return
	}
 
	// ✅ Authentication successful. Proceed...
 
}

Python

To use Passage in your Flask application, run pip install passage-identity at the command line.

from passageidentity import Passage
import os
 
PASSAGE_APP_ID = os.environ.get("PASSAGE_APP_ID")
 
class AuthenticationMiddleware(object):
    def __init__(self, app):
        self.app = app
 
    def __call__(self, environ, start_response):
        request = Request(environ)
        authHeader = request.headers["Authorization"]
        _, token = authHeader.split(" ", 1)
 
        psg = Passage(PASSAGE_APP_ID)
 
        try:
            user = psg.authenticateJWT(token)
        except:
            ret = Response(u'Authorization failed', mimetype='text/plain', status=401)
            return ret(environ, start_response)
        environ['user'] = user
        return self.app(environ, start_response)

Node.js

To use Passage in your Node application, run npm i @passageidentity/passage-node at the command line.

import Passage from '@passageidentity/passage-node';
 
const passageConfig = {
    appID: process.env.PASSAGE_APP_ID,
};
 
// example of passage middleware
let passage = new Passage(passageConfig);
let passageAuthMiddleware = (() => {
    return async (req, res, next) => {
        try {
            let userID = await passage.authenticateRequest(req);
            if (userID) {
                // user authenticated
                res.userID = userID;
                next();
            }
        } catch (e) {
            // failed to authenticate
            // we recommend returning a 401 or other "unauthorized" behavior
            console.log(e);
            res.status(401).send('Could not authenticate user!');
        }
    };
})();
 
app.get('/authenticatedRoute', passageAuthMiddleware, async (req, res) => {
    let userID = res.userID;
    // do authenticated things...
});

Ruby

To use Passage in your Ruby on Rails application, run gem install passageidentity at the command line.

require 'passageidentity'
 
class ApplicationController < ActionController::Base
    protect_from_forgery with: :exception
 
    Passage = Passage::Client.new(
      app_id: Rails.application.config.passage_app_id
    )
 
    def authorize!
      begin
        request.to_hash()
        headers = request.headers
        token = headers["Authorization"].split(" ").last
 
        @user_id = Passage.auth.validate_jwt(token)
        session[:psg_user_id] = @user_id
      rescue Exception => e
        # unauthorized
        redirect_to "/unauthorized"
      end
    end
  end

You just implemented awesome user authentication! 🎉

Visit your website in a browser to see how easy Passage is for your users.

What's Next?

Once you have your application set up, you can:

• Explore the Passage Console dashboard to view users and add team members.
• Customize your Passage Element and your email templates to match your website's brand.
• Learn how to implement custom success and failure behavior using JavaScript callbacks.
• Create an API key in the console and explore our management APIs and SDKs.

If you created a test app, users are ephemeral and are not persisted outside of your browser. To use Passage in production, claim your Passage app with the unique link in the Passage element or create a new app in the Passage Console.

Passage is always seeking feedback on the product. If you have feedback, bug reports, or feature requests, we would love to hear from you. Email us at support@passage.id or fill out this form (opens in a new tab).