Comment on page
Authorizers
An authorizer is custom code that enables your Passage application to accept and verify any session token, regardless of how it was generated. Creating an authorizer can automatically allow your users to create, edit, and delete passkeys in Passage.
Authorizers are written in JavaScript or TypeScript and will run on Passage's servers to authenticate requests. All authorizers accept a session token (e.g. JWT, random
sessionID, etc.) through an HTTP Authorization header, and they use that session token to allow or deny an authenticated HTTP request to Passage.Authorizers use Passage API Keys to look up and create Passage users programmatically. Before creating an authorizer, create a new API Key under Settings → API Keys. Once you have created a new API Key, create a new authorizer secret called
PASSAGE_API_KEY.
Authorizers should be configured with an API Key secret
- Inside the function editor, you will see a pre-populated function. The function we will write and test below will run as an “Authorizer” to validate your legacy session token and proceed with the request flow or deny the request.
Last modified 22d ago