Code exchange

Following a successful registration or authentication operation, your frontend will receive a code. This can be exchanged for an ExtendedPrincipal, representing the outcome of the operation:

frontend/authenticate.ts

import { Passlock } from '@passlock/browser';

const passlock = new Passlock({ tenancyId });

const result = await passlock.authenticatePasskey({
  authenticationToken
});

if (result.success) {
  // send this to your backend
  console.log(result.value.code);
}

backend/authenticate.ts

import { Passlock } from '@passlock/server';

const passlock = new Passlock({ tenancyId, apiKey });

const result = await passlock.exchangeCode({ code });

if (result.success) {
  // will be an ExtendedPrincipal
  console.log(result.value);
}

Using the REST API

Behind the scenes, exchangeCode makes a REST call to the Passlock API. If you prefer you can make the call yourself:

GET /v2/{tenancyId}/principal/{code} HTTP/1.1
Host: https://api.passlock.dev
Accept: application/json
Authorization: Bearer {apiKey}

Codes expire

Codes expire after 5 minutes, so it’s best to authenticate the user, obtain an ExtendedPrincipal and create a local session. Don’t use the code as a local session ID