Code exchange

Following a successful registration or authentication operation, you will receive a code. This can be exchanged for an ExtendedPrincipal, representing the outcome of the operation:

Default

import { exchangeCode, isInvalidCodeError } from '@passlock/server';

const tenancyId = "myTenancyId";
const apiKey = "myApiKey";

try {
  const result = await exchangeCode({ code, tenancyId, apiKey });
} catch (e) {
  if (isInvalidCodeError(e)) {
    console.log("Invalid code");
  }
}

Safe

import { exchangeCode, isExtendedPrincipal } from '@passlock/server/safe';

const tenancyId = "myTenancyId";
const apiKey = "myApiKey";

// could be an ExtendedPrincipal or an error
const result = await exchangeCode({ code, tenancyId, apiKey });

// use the type guard to ensure we have an ExtendedPrincipal
if (isExtendedPrincipal(result)) {
  console.log(result);
} else {
  console.error(result.message);
}

Using REST

Behind the scenes, exchangeCode makes a REST call to the Passlock API. If you prefer you can make the call yourself:

GET /{tenancyId}/principal/{code} HTTP/1.1
Host: https://api.passlock.dev
Accept: application/json
Authorization: Bearer {apiKey}

Codes expire

Codes expire after 5 minutes, so it’s best to authenticate the user, obtain an ExtendedPrincipal and create a local session. Don’t use the code as a local session ID