Comment on page
An authorizer is custom code that enables your Passage application to accept and verify any session token, regardless of how it was generated. Creating an authorizer can automatically allow your users to create, edit, and delete passkeys in Passage.
sessionID, etc.) through an HTTP
Authorizationheader, and they use that session token to allow or deny an authenticated HTTP request to Passage.
Authorizers use Passage API Keys to look up and create Passage users programmatically. Before creating an authorizer, create a new API Key under Settings → API Keys. Once you have created a new API Key, create a new authorizer secret called
Authorizers should be configured with an API Key secret
- Inside the function editor, you will see a pre-populated function. The function we will write and test below will run as an “Authorizer” to validate your legacy session token and proceed with the request flow or deny the request.