Passage by 1Password unlocks the passwordless future with a simpler, more secure passkey authentication experience. Passage handles the complexities of the WebAuthn API, and allows you to implement passkeys with ease.
Use Passkey Flex to add passkeys to an existing authentication experience.
Use Passkey Complete as a standalone passwordless auth solution.
Use Passkey Ready to determine if your users are ready for passkeys.
Use passage-flex-rust to implement Passkey Flex into your Rust backend to authenticate requests and manage users.
Product | Compatible |
---|---|
Passkey Flex | ✅ |
Passkey Complete | ✖️ For Passkey Complete, check out the Passkey Complete APIs |
Passkey Ready | ✖️ For Passkey Ready, check out Authentikit |
You'll need a free Passage account and a Passkey Flex app set up in Passage Console to get started.
Learn more about Passage Console →
cargo add passage_flex
use passage_flex::PassageFlex;
let passage_flex = PassageFlex::new(
std::env::var("YOUR_PASSAGE_APP_ID").unwrap(),
std::env::var("YOUR_PASSAGE_API_KEY").unwrap(),
);
Find more details about Passkey Flex on our Passkey Flex Documentation and Docs.rs pages.
To create a transaction to start a user passkey registration, use the create_register_transaction
method.
use passage_flex::PassageFlex;
let passage_flex = PassageFlex::new(
std::env::var("PASSAGE_APP_ID").unwrap(),
std::env::var("PASSAGE_API_KEY").unwrap(),
);
let external_id = "a unique immutable string that represents your user".to_string();
let passkey_display_name =
"the label for the user's passkey that they will see when logging in".to_string();
let transaction = passage_flex
.auth
.create_register_transaction(external_id, passkey_display_name)
.await
.unwrap();
To create a transaction to start a user passkey authentication, use the create_authenticate_transaction
method.
use passage_flex::PassageFlex;
let passage_flex = PassageFlex::new(
std::env::var("PASSAGE_APP_ID").unwrap(),
std::env::var("PASSAGE_API_KEY").unwrap(),
);
let external_id = "a unique immutable string that represents your user".to_string();
let transaction = passage_flex
.auth
.create_authenticate_transaction(external_id)
.await
.unwrap();
To verify a nonce that you received from the end of of passkey registration or authentication ceremony, use the verify_nonce
method.
use passage_flex::PassageFlex;
let passage_flex = PassageFlex::new(
std::env::var("PASSAGE_APP_ID").unwrap(),
std::env::var("PASSAGE_API_KEY").unwrap(),
);
let nonce =
"a unique single-use value received from the client after a passkey ceremony".to_string();
match passage_flex.auth.verify_nonce(nonce).await {
Ok(external_id) => {
// use external_id to do things like generate and send your own auth token
}
Err(err) => {
// nonce was invalid or unable to be verified
}
}
To retrieve information about a user by their external ID -- which is the unique, immutable ID you supply to associate the Passage user with your user -- use the get
method.
use passage_flex::PassageFlex;
let passage_flex = PassageFlex::new(
std::env::var("PASSAGE_APP_ID").unwrap(),
std::env::var("PASSAGE_API_KEY").unwrap(),
);
// this is the same value used when creating a transaction
let external_id = your_user.id;
// get user info
let passage_user = passage_flex.user.get(external_id).await.unwrap();
println!("{:?}", passage_user.webauthn_devices);
To retrieve information about a user's passkey devices, use the list_devices
method.
use passage_flex::PassageFlex;
let passage_flex = PassageFlex::new(
std::env::var("PASSAGE_APP_ID").unwrap(),
std::env::var("PASSAGE_API_KEY").unwrap(),
);
// this is the same value used when creating a transaction
let external_id = your_user.id;
// list devices
let passkey_devices = passage_flex.user.list_devices(external_id).await.unwrap();
for device in passkey_devices {
println!("{}", device.usage_count);
}
To revoke a user's passkey device, use the revoke_device
method.
use passage_flex::PassageFlex;
use chrono::{Duration, NaiveDate, Utc};
let passage_flex = PassageFlex::new(
std::env::var("PASSAGE_APP_ID").unwrap(),
std::env::var("PASSAGE_API_KEY").unwrap(),
);
// this is the same value used when creating a transaction
let external_id = your_user.id;
let last_year = Utc::now().naive_utc().date() - Duration::days(365);
// list devices
let passkey_devices = passage_flex.user.list_devices(external_id.clone()).await.unwrap();
for device in passkey_devices {
// revoke old devices that haven't been used in the last year
let last_login_at_parsed =
NaiveDate::parse_from_str(&device.last_login_at, "%Y-%m-%dT%H:%M:%S%z").unwrap();
if last_login_at_parsed < last_year {
if let Err(err) = passage_flex
.user
.revoke_device(external_id.clone(), device.id)
.await
{
// device couldn't be revoked
}
}
}
We are here to help! Find additional docs, the best ways to get in touch with our team, and more within our support resources.
Passage is a product by 1Password, the global leader in access management solutions with nearly 150k business customers.
This project is licensed under the MIT license. See the LICENSE file for more info.