Correlating Users Between Passage and Your Database
Introduction
Once you've added Passage authentication to your application, you need to be able to retrieve data about or perform actions on your users all while ensuring they are properly authenticated. In this guide, we will walk through the easiest way to correlate a Passage User with a user of your application.
Authenticating Users
Each Passage SDK has an authenticateRequest function that is used to verify Passage Auth Tokens in your backend application before allowing requests to proceed. Most commonly, this is done in a middleware function for all requests that require authentication.
The authenticateRequest function in the Passage SDK returns the Passage User ID, which should be set in the request context so that it can be accessed throughout the code processing the request.
import ("net/http""github.com/go-chi/chi/v5""github.com/passageidentity/passage-go")// example using Chi routerfunc (a *API) Handler() http.Handler { r := chi.NewRouter() r.Use(passageMiddleware) r.Route("/auth", exampleHandler)return r}// middleware that authenticates requests and sets // passage user id in contextfunc (a *API) passageMiddleware(next http.Handler) http.Handler {return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { psg, _:= passage.New("<PASSAGE_APP_ID>", nil) user, err := psg.AuthenticateRequest(r)if err !=nil {// unauthorized } ctx := context.WithValue(r.Context(), ctxPassageUser, user) next.ServeHTTP(w, r.WithContext(ctx)) })}// example handler that uses passage middlewarefuncexampleHandler(w http.ResponseWriter, r *http.Request) { userID := r.Context().Value(ctxPassageUser).(string)// ✅ Authentication successful. Proceed...}
from flask import Blueprint, g, render_template, requestfrom passageidentity import Passage, PassageError@auth.before_requestdefbefore_request():try: g.user = psg.authenticateRequest(request)except PassageError as e:# unauthorizedreturnrender_template('unauthorized.html')@auth.route('/authenticated', methods=['GET'])defauth():# g.user will be set to the passage user id here# ... add logic here ...
Creating Users in Your Database
When users register for your application, Passage will create an account for them. You can choose to just use the middleware above and access user data on demand from Passage.
More likely, you will will want a record of the user in your database when they are created so that you can reference a Passage user by ID at any time. Let's say you have a database model that looks like this, where a user has a "name" field and a "passage_id" field that corresponds to their Passage ID.
You will then add a createUser endpoint that will add a user to your database.
auth.route('/user', methods=['POST'])defcreateUser():# g.user will be set to the Passage user id u =User() u.passage_id = g.user# commit to database db.session.add(u) db.session.commit()returnjsonify({"result": 200})
Then create an onSuccess callback on your Passage Register element that will send user data to the above endpoint once a user has been created successfully. Add the following code to a script tag just after the Passage Register element.
<passage-registerapp-id="{{psg_app_id}}"></passage-register><scriptsrc="https://cdn.passage.id/passage-web.js"></script><script> const onSuccess = (authResult) =>{document.cookie ="psg_auth_token="+authResult.authToken +";path=/"; const urlParams =newURLSearchParams(window.location.search) const magicLink =urlParams.has('psg_magic_link') ?urlParams.get('psg_magic_link') :nullif (magicLink !==null) { new Promise((resolve) => {setTimeout(resolve, 3000) }).then( ()=>{ window.location.href =authResult.redirectURL;}) return; }$.ajax({ type:"POST", async:false, url:"{{api_url}}/user", data:JSON.stringify({}),// could include other data here contentType:"application/json", dataType:'json' }); window.location.href =authResult.redirectURL; }</script>
A common use case for this is customizing registration data, which you can find an example of here.
Accessing User Data
In any functions that use the Passage middleware above, you can use the Passage User ID to refer to the user. We recommend storing the Passage User ID in your own users table to be able to reference at any time. You can use the user ID to get and update user information (e.g. email address) from your application.
An example User model might look like this, where a user has a "name" field and a "passage_id" field that corresponds to their Passage ID.
classUser(db.Model):id= db.Column(db.Integer, primary_key=True) name = db.Column(db.String(100)) passage_id = db.Column(db.String(24), index=True)
To access data about a user, you can query the User table by passage_id in any route that is authenticated with Passage and you can use the Passage SDK to query for any Passage-specific user data (like email address or phone number).
@auth.route('/dashboard', methods=['GET'])defdashboard():# g.user should be set here to the Passage user ID# use Passage user ID to get user record in DB user = User.query.filter_by(passage_id=g.user).first()# use Passage SDK to get info stored in Passage (email) psg_user = psg.getUser(g.user)returnrender_template('dashboard.html', name=user.name, email=psg_user.email