4 releases
| 0.1.3 | Oct 23, 2024 |
|---|---|
| 0.1.2 | Aug 30, 2024 |
| 0.1.1 | Aug 23, 2024 |
| 0.1.0 | Aug 23, 2024 |
#108 in Authentication
125KB
2.5K
SLoC
About
Passage by 1Password unlocks the passwordless future with a simpler, more secure passkey authentication experience. Passage handles the complexities of the WebAuthn API, and allows you to implement passkeys with ease.
Use Passkey Flex to add passkeys to an existing authentication experience.
Use Passkey Complete as a standalone passwordless auth solution.
Use Passkey Ready to determine if your users are ready for passkeys.
In passage-flex-rust
Use passage-flex-rust to implement Passkey Flex into your Rust backend to authenticate requests and manage users.
| Product | Compatible |
|---|---|
 Passkey Flex |
✅ |
 Passkey Complete |
✖️ For Passkey Complete, check out the Passkey Complete APIs |
 Passkey Ready |
✖️ For Passkey Ready, check out Authentikit |
Getting Started
Check Prerequisites
You'll need a free Passage account and a Passkey Flex app set up in Passage Console to get started.
Learn more about Passage Console →
Install
cargo add passage_flex
Import
use passage_flex::PassageFlex;
Initialize
let passage_flex = PassageFlex::new(
std::env::var("YOUR_PASSAGE_APP_ID").unwrap(),
std::env::var("YOUR_PASSAGE_API_KEY").unwrap(),
);
Go Passwordless
Find more details about Passkey Flex on our Passkey Flex Documentation and Docs.rs pages.
API Reference
Retrieve App Info
To retrieve information about the app, use the get_app method.
use passage_flex::PassageFlex;
let passage_flex = PassageFlex::new(
std::env::var("PASSAGE_APP_ID").unwrap(),
std::env::var("PASSAGE_API_KEY").unwrap(),
);
let app_info = passage_flex.get_app().await.unwrap();
println!("{}", app_info.auth_origin);
Create a Registration Transaction
To create a transaction to start a user passkey registration, use the create_register_transaction method.
use passage_flex::PassageFlex;
let passage_flex = PassageFlex::new(
std::env::var("PASSAGE_APP_ID").unwrap(),
std::env::var("PASSAGE_API_KEY").unwrap(),
);
let external_id = "a unique immutable string that represents your user".to_string();
let passkey_display_name =
"the label for the user's passkey that they will see when logging in".to_string();
let transaction = passage_flex
.create_register_transaction(external_id, passkey_display_name)
.await
.unwrap();
Create an Authentication Transaction
To create a transaction to start a user passkey authentication, use the create_authenticate_transaction method.
use passage_flex::PassageFlex;
let passage_flex = PassageFlex::new(
std::env::var("PASSAGE_APP_ID").unwrap(),
std::env::var("PASSAGE_API_KEY").unwrap(),
);
let external_id = "a unique immutable string that represents your user".to_string();
let transaction = passage_flex
.create_authenticate_transaction(external_id)
.await
.unwrap();
Verify a Nonce
To verify a nonce that you received from the end of of passkey registration or authentication ceremony, use the verify_nonce method.
use passage_flex::PassageFlex;
let passage_flex = PassageFlex::new(
std::env::var("PASSAGE_APP_ID").unwrap(),
std::env::var("PASSAGE_API_KEY").unwrap(),
);
let nonce =
"a unique single-use value received from the client after a passkey ceremony".to_string();
match passage_flex.verify_nonce(nonce).await {
Ok(external_id) => {
// use external_id to do things like generate and send your own auth token
}
Err(err) => {
// nonce was invalid or unable to be verified
}
}
Retrieve User Info
To retrieve information about a user by their external ID -- which is the unique, immutable ID you supply to associate the Passage user with your user -- use the get_user method.
use passage_flex::PassageFlex;
let passage_flex = PassageFlex::new(
std::env::var("PASSAGE_APP_ID").unwrap(),
std::env::var("PASSAGE_API_KEY").unwrap(),
);
// this is the same value used when creating a transaction
let external_id = your_user.id;
// get user info
let user_info = passage_flex.get_user(external_id).await.unwrap();
println!("{:?}", user_info.webauthn_devices);
Retrieve a user's passkey devices
To retrieve information about a user's passkey devices, use the get_devices method.
use passage_flex::PassageFlex;
let passage_flex = PassageFlex::new(
std::env::var("PASSAGE_APP_ID").unwrap(),
std::env::var("PASSAGE_API_KEY").unwrap(),
);
// this is the same value used when creating a transaction
let external_id = your_user.id;
// get devices
let passkey_devices = passage_flex.get_devices(external_id).await.unwrap();
for device in passkey_devices {
println!("{}", device.usage_count);
}
Revoke a User's Passkey Device
To revoke a user's passkey device, use the revoke_device method.
use passage_flex::PassageFlex;
use chrono::{Duration, NaiveDate, Utc};
let passage_flex = PassageFlex::new(
std::env::var("PASSAGE_APP_ID").unwrap(),
std::env::var("PASSAGE_API_KEY").unwrap(),
);
// this is the same value used when creating a transaction
let external_id = your_user.id;
let last_year = Utc::now().naive_utc().date() - Duration::days(365);
// get devices
let passkey_devices = passage_flex.get_devices(external_id.clone()).await.unwrap();
for device in passkey_devices {
// revoke old devices that haven't been used in the last year
let last_login_at_parsed =
NaiveDate::parse_from_str(&device.last_login_at, "%Y-%m-%dT%H:%M:%S%z").unwrap();
if last_login_at_parsed < last_year {
if let Err(err) = passage_flex
.revoke_device(external_id.clone(), device.id)
.await
{
// device couldn't be revoked
}
}
}
Support & Feedback
We are here to help! Find additional docs, the best ways to get in touch with our team, and more within our support resources.
Passage is a product by 1Password, the global leader in access management solutions with nearly 150k business customers.
This project is licensed under the MIT license. See the LICENSE file for more info.
Dependencies
~5–16MB
~205K SLoC