Linking accounts

During the passkey registration flow, we recommended you link the authenticatorId (passkey id) to a local user account. The Principal also includes a userId property, This defaults to the authenticator/passkey id:

{
  "authenticatorId": "spy28n0bqca11tq",
  "userId": "spy28n0bqca11tq"
}

The passkey userId can be changed to align with your own internal userId. There are some benefits to doing so:

1. It avoids the need for a User <-> Passkey join table on your side
2. You can identify a passkey by meaningful user ID in the Passlock console
3. You can perform operations on multiple passkeys assigned to the same user ID

Tip

A user might need more than one passkey if they use multiple ecosystems e.g. Edge and Android Chrome. Alternatively, they might want to sign in from a work computer that isn’t linked to the same cloud ID as their personal devices. See roaming authenticators

Assigning a custom user ID

The Principal.userId can be changed via the @passlock/server package.

backend/register.ts

import { assignUser } from "@passlock/server";

const passkeyId = "myPasskeyId";
const userId = "myInternalUserId";

const result = await assignUser({ userId, passkeyId }, { tenancyId, apiKey });

if (result.success) {
  console.log(result.value.userId);
}

If you reassign the userId to align with your own internal user IDs, you can use this property to look up local user accounts:

backend/login.ts

import { exchangeCode } from "@passlock/server";

const result = await exchangeCode({ code }, { tenancyId, apiKey });

if (result.success) {
  console.log(result.value);
}

{
  "authenticatorId": "spy28n0bqca11tq",
  "userId": "myInternalUserId"
}

Using the console

Custom user IDs can also be assigned through your Passlock console.