Support Blog Demo

Write the Code

Function Requirements

Generally speaking, an authorizer function should follow this pattern:

  • Get the token from the Authorization header with the context.getAuthToken() helper method.

  • Validate the token using some method (e.g. JWT verification, API call to your backend) and retrieve the user's email address.

  • If the email address is provided, use the provided context.getOrCreateUser(email) to retrieve the Passage User ID.

There are a few types available in an authorizer. The PassageEvent type indicates the fields that are available to you in an authorizer.

export type PassageEvent = {
  headers: {
    authorization?: string;
    ip?: string;
  };
  secrets: Secrets;
};
  
type Secrets = {
  [key: string]: string | undefined;
};

The methods available on the AuthorizerContext interface are defined below:

export type User = {
  id: string;
  identifier: string;
};
export type AuthorizerContext = {
  getOrCreateUser: (identifier: string) => Promise<User>;
  denyAccess: (reason: string) => void;
  allowAccess: (userId: string) => void;
  log: (...message: unknown[]) => void;
  getAuthHeaderToken: () => string | undefined;
};

Add Secrets

Passage authorizers include secret management to securely store secrets while making them conveniently available in code.

To access a secret from your authorizer code, use event.secrets.SECRET_NAME

To add or update a secret, go to the “Secrets” pane of the authorizers code editor.

In order to use the context.getOrCreateUser() functionality, you must have a Passage API Key as one of your secrets.

  1. Navigate to the general settings of your Passage app.

  2. Create an API Key and copy the value.

  3. Navigate back to the Authorizer page and click on the key icon in the left nav of the editor.

  4. Add a secret with the name PASSAGE_API_KEY and API key as the value.

  5. Press save.

Tip: you can verify the existence of your secrets in the code by using context.log(event.secrets.SECRET_NAME) and pressing the Run button in the test tab.

Add Dependencies

Authorizers support importing open-source modules like jose in the example above. 

import * as jose from 'https://deno.land/x/[email protected]/index.ts'

Imports must use the Deno third-party module CDN. A list of available modules can be found here. For more information on Deno modules, see here.

PreviousExamplesNextTesting

Last updated

Change request #337: react native