Authenticate a passkey
Similar to passkey registration, authentication is a three-step process:
- Authorised in your backend
- Authenticated in your frontend
- Verified in your backend
Backend: authorise authentication
You don’t need a username here. Passkeys are discoverable, meaning the browser/device will prompt the user to select the passkey they want to sign in with:
```javascript
import { Passlock } from "@passlock/server";

// from your development tenancy settings
const passlock = new Passlock({
  tenancyId: "myTenancyId",
  apiKey: "myApiKey"
});

const result = await passlock.authorizePasskeyAuthentication({
  rpId: "example.com", // "localhost" for development
  discoverable: true, // allow the user to select their passkey
});

if (result.success) {
  return result.authenticationToken;
}
```

Frontend: authenticate the passkey
Pass the authenticationToken to authenticatePasskey:
```javascript
import { Passlock } from "@passlock/browser";

const passlock = new Passlock({ tenancyId: "myTenancyId" });

loginButton.addEventListener("click", async () => {
  const authenticationToken = await fetchTokenFromBackend();

  const result = await passlock.authenticatePasskey({ authenticationToken });

  if (result.success) {
    await submitTokenToBackend(result.value.code);
  }
});
```

Submit the code to your backend.
Backend: verify the passkey
After your backend exchanges the code with the Passlock API, use the userId or authenticatorId (passkeyId) to look up the user and sign them in.
```javascript
import { Passlock } from "@passlock/server";

// from your development tenancy settings
const passlock = new Passlock({
  tenancyId: "myTenancyId",
  apiKey: "myApiKey"
});

const result = await passlock.exchangeCode({ code });

if (result.success) {
  // result.value is the principal returned by the exchange
  const principal = result.value;
  const user = await lookupUserById(principal.userId);
  // alternatively identify the user by their passkey id:
  // const user = await lookupUserByPasskeyId(principal.authenticatorId);
}
```

The response is an ExtendedPrincipal.
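The verification step above, written as a handler that fails closed on every path the snippet does not cover. This is an added example, not Passlock's own code: `verifyLogin`, `stubExchange`, `USERS`, the status codes and the length bound are assumptions, and `exchangeCode` is injected so that the page's `passlock.exchangeCode` can be swapped for an offline stub.

```javascript
// Added example (not Passlock's code). In production, pass
// exchangeCode: (args) => passlock.exchangeCode(args) from @passlock/server.

// Constructed sample data standing in for your user table.
const USERS = new Map([["user-1", { id: "user-1", email: "alice@example.com" }]]);

// Constructed stub returning the result shape shown on this page:
// { success, value: { userId, authenticatorId } }.
async function stubExchange({ code }) {
  return code === "code-abc"
    ? { success: true, value: { userId: "user-1", authenticatorId: "pk-1" } }
    : { success: false };
}

// Returns { status, session? }. A session is issued only when the exchange
// succeeds AND the returned userId maps to a known user.
async function verifyLogin(body, { exchangeCode, users }) {
  const code = body && body.code;
  // Reject malformed input before calling out (512 is an arbitrary bound).
  if (typeof code !== "string" || code.length === 0 || code.length > 512) {
    return { status: 400 };
  }

  let result;
  try {
    result = await exchangeCode({ code });
  } catch {
    return { status: 502 }; // upstream failure: never sign anyone in
  }
  if (!result || !result.success) return { status: 401 };

  // Identity comes only from the exchange result. Anything identity-like
  // the browser put in the request body (e.g. body.userId) is ignored.
  const { userId, authenticatorId } = result.value;
  const user = users.get(userId);
  if (!user) return { status: 401 }; // valid passkey, but no local account

  return { status: 200, session: { userId: user.id, authenticatorId } };
}
```

The caller turns `status: 200` into a session cookie and maps every other status to a generic sign-in failure.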