At a high level, Passkey Flex allows you to support passkeys alongside your existing authentication system. After logging in, users are asked if they would like to add a passkey, which can be used for future logins. The recommended passkey flow is as follows:
An existing user may add a passkey to their account after they have logged in using the legacy authentication method. After obtaining a legacy auth token, the client will use Passage to add a passkey for the user's account. Passage will validate the user's legacy auth token using what's called an authorizer.
When a user has added a passkey to their account, they will be prompted to log in with a passkey instead of the legacy authentication method. Passkey logins are handled by Passage, and Passage will return a JWT when logins are successful. It is recommended to "swap" the Passage JWT for a legacy auth token to minimize backend code changes, but it is also possible to modify your backend to accept Passage JWTs in addition to legacy auth tokens.
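The token swap described above, sketched as an added example (not Passage's or this page's own code): the backend verifies the Passage JWT before minting a legacy token. RS256 signing, the `iss`/`sub`/`exp` claim checks, the in-memory session map and all function names are assumptions for illustration, and the key pair is constructed so the block runs offline.

```javascript
// Added example: server-side "swap" of a passkey-login JWT for a legacy token.
// Assumptions (not from the page): RS256, the iss/sub/exp claims, helper names.
const crypto = require("node:crypto");

const b64urlJson = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));

// Verify signature and claims; throws on any failure, returns the claims on success.
function verifyPasskeyJwt(jwt, publicKey, expectedIssuer, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, sig] = parts;
  // Pin the algorithm: the token header must never choose how it is verified.
  if (b64urlJson(h).alg !== "RS256") throw new Error("unexpected alg");
  const ok = crypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), publicKey,
    Buffer.from(sig, "base64url"));
  if (!ok) throw new Error("bad signature");
  // Only read claims after the signature has been checked.
  const claims = b64urlJson(p);
  if (claims.iss !== expectedIssuer) throw new Error("wrong issuer");
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) throw new Error("expired");
  if (typeof claims.sub !== "string" || !claims.sub) throw new Error("missing subject");
  return claims;
}

// Stand-in for the legacy session store: opaque random token -> user id.
const legacySessions = new Map();

function swapForLegacyToken(jwt, publicKey, expectedIssuer, nowSec) {
  const { sub } = verifyPasskeyJwt(jwt, publicKey, expectedIssuer, nowSec);
  const token = crypto.randomBytes(32).toString("base64url");
  legacySessions.set(token, sub);
  return token;
}

// Constructed fixture: a throwaway key pair and signer standing in for the issuer.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
function signSample(claims, header = { alg: "RS256", typ: "JWT" }) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  const body = `${enc(header)}.${enc(claims)}`;
  const sig = crypto.sign("RSA-SHA256", Buffer.from(body), privateKey);
  return `${body}.${sig.toString("base64url")}`;
}
```

Because the swap endpoint converts one credential into another, every rejected check should fail closed and issue no legacy token.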
There are generally three steps to implementing Passkey Flex:
1. Create a Passage account and configure a new app
2. Implement Passage in your frontend to enable users to use passkeys
3. Create a Passage authorizer to validate users with legacy auth tokens