Search…
Quickstart
Go from zero to full biometric authentication in just a few minutes - with or without a Passage account.
Estimated Time: 7 minutes
You can follow along with one of our sample apps found on GitHub.

User Authentication with Passage

1. Create an App in the Passage Console

If you don't want to create a Passage account right now, you can skip this step and Passage will create a temporary app ID that you can use in test mode.
To create an app, first login or create an account for the Passage Console at https://console.passage.id/register. When you first sign up, you will be automatically directed to create your first application. Give your application a name and then provide the following fields:
  • Authentication Origin - the domain that Passage will run on
  • Redirect URL - the path you want to direct users to after successful login
For example, if you are building a local test app, your settings will probably look something like this:
  • Authentication Origin - http://localhost:8080
  • Redirect URL - /dashboard or /
Once you've created your application, copy the Application ID from the dashboard.

2. Add a Passage Element to Your Frontend

A Passage Element provides a complete UI/UX for users to register and login with biometrics or magic links.
In your web app, add the following code wherever you want your users to register or login. If you created a Passage account, you can include your Application ID that you copied in the last step:
1
<passage-auth app-id="PASTE PASSAGE APP ID HERE"></passage-auth>
2
<script src="https://psg.so/web.js"></script>
Copied!
If you are using Passage in test mode and do not have an application ID, just leave that attribute out and Passage will create an app for you.
1
<passage-auth></passage-auth>
Copied!
Before proceeding to the next step, you will need to copy the Passage App ID from your browser's JavaScript console. The Passage App ID is printed to the console after the Passage Element is loaded.
You can now reload your webpage to see fully functional user authentication!

3. Authenticate Requests on Your Web Server

After your users sign in with a Passage Element, you can use a Passage backend library to authenticate their requests. The code snippets below demonstrate how to use Passage to authenticate requests:
Go
Python (Flask)
Node.js
Ruby on Rails
1
import (
2
"net/http"
3
​
4
"github.com/passageidentity/passage-go"
5
)
6
​
7
func exampleHandler(w http.ResponseWriter, r *http.Request) {
8
​
9
// Authenticate this request using the Passage SDK:
10
psg, _ := passage.New("<PASSAGE_APP_ID>", nil)
11
_, err := psg.AuthenticateRequest(r)
12
if err != nil {
13
// 🚨 Authentication failed!
14
w.WriteHeader(http.StatusUnauthorized)
15
return
16
}
17
​
18
// βœ… Authentication successful. Proceed...
19
​
20
}
Copied!
1
from passageidentity import Passage
2
import os
3
​
4
PASSAGE_APP_ID = os.environ.get("PASSAGE_APP_ID")
5
​
6
class AuthenticationMiddleware(object):
7
def __init__(self, app):
8
self.app = app
9
​
10
def __call__(self, environ, start_response):
11
request = Request(environ)
12
psg = Passage(PASSAGE_APP_ID)
13
try:
14
user = psg.authenticateRequest(request)
15
except:
16
ret = Response(u'Authorization failed', mimetype='text/plain', status=401)
17
return ret(environ, start_response)
18
environ['user'] = user
19
return self.app(environ, start_response)
Copied!
1
import Passage from "@passageidentity/passage-node";
2
​
3
const passageConfig = {
4
appID: process.env.PASSAGE_APP_ID
5
};
6
​
7
// example of passage middleware
8
let passage = new psg(passageConfig);
9
let passageAuthMiddleware = (() => {
10
return async (req, res, next) => {
11
try {
12
let userID = await passage.authenticateRequest(req);
13
if (userID) {
14
// user authenticated
15
res.userID = userID;
16
next();
17
}
18
} catch(e) {
19
// failed to authenticate
20
// we recommend returning a 401 or other "unauthorized" behavior
21
console.log(e);
22
res.status(401).send('Could not authenticate user!');
23
}
24
}
25
})();
26
​
27
app.get("/authenticatedRoute", passageAuthMiddleware, async(req, res) => {
28
let userID = res.userID
29
// do authenticated things...
30
});
Copied!
1
require 'passageidentity'
2
​
3
class ApplicationController < ActionController::Base
4
protect_from_forgery with: :exception
5
​
6
Passage = Passage::Client.new(
7
app_id: Rails.application.config.passage_app_id
8
)
9
​
10
def authorize!
11
begin
12
request.to_hash()
13
@user_id = Passage.auth.authenticate_request(request)
14
session[:psg_user_id] = @user_id
15
rescue Exception => e
16
# unauthorized
17
redirect_to "/unauthorized"
18
end
19
end
20
end
Copied!

4. You Just Implemented Awesome User Authentication! πŸŽ‰

What's Next?

If you created a test app, users are ephemeral and are not persisted outside of your browser. To use Passage in production, claim your Passage app with the unique link in the Passage element or create a new app in the Passage Console.
Once you have your application set up, you can:
Passage is still in public beta and actively seeking feedback on the product. If you have feedback, bug reports, or feature requests, we would love to hear from you. You can email me at [email protected] or fill out this form.