Go from zero to fully passwordless authentication in just a few minutes - with or without a Passage account.
Estimated Time: 7 minutes
You can follow along with one of our sample apps found on GitHub.

User Authentication with Passage

Here's what is covered in this quick start guide:
  1. 1.
    Create an app in the Passage Console
  2. 2.
    Add Passage Element to your frontend
  3. 3.
    Implement authorization middleware using backend SDK
  4. 4.

Create an app in the Passage Console

If you don't want to create a Passage account right now, you can skip this step and Passage will create a temporary app ID that you can use in test mode.
To create an app, first login or create an account for the Passage Console at When you first sign up, you will be redirected to your homepage that includes an example application to explore. To create your first new application, select the "Create New App" button on the home page. Give your application a name and then provide the following fields:
  • Authentication Origin - the domain that Passage will run on
  • Redirect URL - the path you want to direct users to after successful login
For example, if you are building a local test app, your settings will probably look something like this:
  • Authentication Origin - http://localhost:8080
  • Redirect URL - /dashboard or /
Once you've created your application, copy the Application ID from the dashboard.

Add a Passage Element to your frontend

A Passage Element provides a complete UI/UX for users to register and login with biometrics or magic links.
In your web app, add the following code wherever you want your users to register or login. If you created a Passage account, you can include your Application ID that you copied in the last step:
<passage-auth app-id="PASTE PASSAGE APP ID HERE"></passage-auth>
<script src=""></script>
If you are using Passage in test mode and do not have an application ID, just leave that attribute out and Passage will create an app for you.
Before proceeding to the next step, you will need to copy the Passage App ID from your browser's JavaScript console. The Passage App ID is printed to the console after the Passage Element is loaded.
You can now reload your webpage to see fully functional user authentication!

Implement authorization middleware

After your users sign in with a Passage Element, you can use a Passage backend library to authenticate their requests. The code snippets below demonstrate how to use Passage to authenticate requests:
Python (Flask)
Ruby on Rails
To use Passage in your Go application, run:
go get
at the command line.
import (
func exampleHandler(w http.ResponseWriter, r *http.Request) {
// Authenticate this request using the Passage SDK:
psg, _ := passage.New("<PASSAGE_APP_ID>", nil)
_, err := psg.AuthenticateRequest(r)
if err != nil {
// 🚨 Authentication failed!
// ✅ Authentication successful. Proceed...
To use Passage in your Flask application, run pip install passage-identity at the command line.
from passageidentity import Passage
import os
PASSAGE_APP_ID = os.environ.get("PASSAGE_APP_ID")
class AuthenticationMiddleware(object):
def __init__(self, app): = app
def __call__(self, environ, start_response):
request = Request(environ)
psg = Passage(PASSAGE_APP_ID)
user = psg.authenticateRequest(request)
ret = Response(u'Authorization failed', mimetype='text/plain', status=401)
return ret(environ, start_response)
environ['user'] = user
return, start_response)
To use Passage in your Node application, run npm i @passageidentity/passage-node at the command line.
import Passage from "@passageidentity/passage-node";
const passageConfig = {
appID: process.env.PASSAGE_APP_ID
// example of passage middleware
let passage = new psg(passageConfig);
let passageAuthMiddleware = (() => {
return async (req, res, next) => {
try {
let userID = await passage.authenticateRequest(req);
if (userID) {
// user authenticated
res.userID = userID;
} catch(e) {
// failed to authenticate
// we recommend returning a 401 or other "unauthorized" behavior
res.status(401).send('Could not authenticate user!');
app.get("/authenticatedRoute", passageAuthMiddleware, async(req, res) => {
let userID = res.userID
// do authenticated things...
To use Passage in your Ruby on Rails application, run gem install passageidentity at the command line.
require 'passageidentity'
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
Passage =
app_id: Rails.application.config.passage_app_id
def authorize!
@user_id = Passage.auth.authenticate_request(request)
session[:psg_user_id] = @user_id
rescue Exception => e
# unauthorized
redirect_to "/unauthorized"

You just implemented awesome user authentication! 🎉

Visit your website in a browser to see how easy Passage is for your users.

What's Next?

Once you have your application set up, you can:
If you created a test app, users are ephemeral and are not persisted outside of your browser. To use Passage in production, claim your Passage app with the unique link in the Passage element or create a new app in the Passage Console.
Passage is always seeking feedback on the product. If you have feedback, bug reports, or feature requests, we would love to hear from you. You can email me at [email protected] or fill out this form.