Authorizers

An authorizer is custom code that enables your Passage application to accept and verify any session token, regardless of how it was generated. Creating an authorizer can automatically allow your users to create, edit, and delete passkeys in Passage.

Authorizers are written in JavaScript or TypeScript and will run on Passage's servers to authenticate requests. All authorizers accept a session token (e.g. JWT, random sessionID, etc.) through an HTTP Authorization header, and they use that session token to allow or deny an authenticated HTTP request to Passage.

Configure an API Key

Authorizers use Passage API Keys to look up and create Passage users programmatically. Before creating an authorizer, create a new API Key under Settings → API Keys. Once you have created a new API Key, create a new authorizer secret called PASSAGE_API_KEY.

Create an Authorizer

• Select Automation —> Authorizers from the left nav in the Console.

• Inside the function editor, you will see a pre-populated function. The function we will write and test below will run as an “Authorizer” to validate your legacy session token and proceed with the request flow or deny the request.