passage_flex

About

Passage by 1Password unlocks the passwordless future with a simpler, more secure passkey authentication experience. Passage handles the complexities of the WebAuthn API, and allows you to implement passkeys with ease.

Use Passkey Flex to add passkeys to an existing authentication experience.

Use Passkey Complete as a standalone passwordless auth solution.

Use Passkey Ready to determine if your users are ready for passkeys.

In passage-flex-rust

Use passage-flex-rust to implement Passkey Flex into your Rust backend to authenticate requests and manage users.

Product	Compatible
Passkey Flex	✅
Passkey Complete	✖️ For Passkey Complete, check out the Passkey Complete APIs
Passkey Ready	✖️ For Passkey Ready, check out Authentikit

Getting Started

Check Prerequisites

You'll need a free Passage account and a Passkey Flex app set up in Passage Console to get started.
_{Learn more about Passage Console →}

Install

cargo add passage_flex

Import

use passage_flex::PassageFlex;

Initialize

let passage_flex = PassageFlex::new(
    std::env::var("YOUR_PASSAGE_APP_ID").unwrap(),
    std::env::var("YOUR_PASSAGE_API_KEY").unwrap(),
);

Go Passwordless

Find more details about Passkey Flex on our Passkey Flex Documentation and Docs.rs pages.

API Reference

Retrieve App Info

To retrieve information about the app, use the get_app method.

use passage_flex::PassageFlex;

let passage_flex = PassageFlex::new(
    std::env::var("PASSAGE_APP_ID").unwrap(),
    std::env::var("PASSAGE_API_KEY").unwrap(),
);

let app_info = passage_flex.get_app().await.unwrap();
println!("{}", app_info.auth_origin);

Create a Registration Transaction

To create a transaction to start a user passkey registration, use the create_register_transaction method.

use passage_flex::PassageFlex;

let passage_flex = PassageFlex::new(
    std::env::var("PASSAGE_APP_ID").unwrap(),
    std::env::var("PASSAGE_API_KEY").unwrap(),
);

let external_id = "a unique immutable string that represents your user".to_string();
let passkey_display_name =
    "the label for the user's passkey that they will see when logging in".to_string();

let transaction = passage_flex
    .create_register_transaction(external_id, passkey_display_name)
    .await
    .unwrap();

Create an Authentication Transaction

To create a transaction to start a user passkey authentication, use the create_authenticate_transaction method.

use passage_flex::PassageFlex;

let passage_flex = PassageFlex::new(
    std::env::var("PASSAGE_APP_ID").unwrap(),
    std::env::var("PASSAGE_API_KEY").unwrap(),
);

let external_id = "a unique immutable string that represents your user".to_string();

let transaction = passage_flex
    .create_authenticate_transaction(external_id)
    .await
    .unwrap();

Verify a Nonce

To verify a nonce that you received from the end of of passkey registration or authentication ceremony, use the verify_nonce method.

use passage_flex::PassageFlex;

let passage_flex = PassageFlex::new(
    std::env::var("PASSAGE_APP_ID").unwrap(),
    std::env::var("PASSAGE_API_KEY").unwrap(),
);

let nonce =
    "a unique single-use value received from the client after a passkey ceremony".to_string();

match passage_flex.verify_nonce(nonce).await {
    Ok(external_id) => {
        // use external_id to do things like generate and send your own auth token
    }
    Err(err) => {
        // nonce was invalid or unable to be verified
    }
}

Retrieve User Info

To retrieve information about a user by their external ID -- which is the unique, immutable ID you supply to associate the Passage user with your user -- use the get_user method.

use passage_flex::PassageFlex;

let passage_flex = PassageFlex::new(
    std::env::var("PASSAGE_APP_ID").unwrap(),
    std::env::var("PASSAGE_API_KEY").unwrap(),
);

// this is the same value used when creating a transaction
let external_id = your_user.id;

// get user info
let user_info = passage_flex.get_user(external_id).await.unwrap();
println!("{:?}", user_info.webauthn_devices);

Retrieve a user's passkey devices

To retrieve information about a user's passkey devices, use the get_devices method.

use passage_flex::PassageFlex;

let passage_flex = PassageFlex::new(
    std::env::var("PASSAGE_APP_ID").unwrap(),
    std::env::var("PASSAGE_API_KEY").unwrap(),
);

// this is the same value used when creating a transaction
let external_id = your_user.id;

// get devices
let passkey_devices = passage_flex.get_devices(external_id).await.unwrap();
for device in passkey_devices {
    println!("{}", device.usage_count);
}

Revoke a User's Passkey Device

To revoke a user's passkey device, use the revoke_device method.

use passage_flex::PassageFlex;
use chrono::{Duration, NaiveDate, Utc};

let passage_flex = PassageFlex::new(
    std::env::var("PASSAGE_APP_ID").unwrap(),
    std::env::var("PASSAGE_API_KEY").unwrap(),
);

// this is the same value used when creating a transaction
let external_id = your_user.id;
let last_year = Utc::now().naive_utc().date() - Duration::days(365);

// get devices
let passkey_devices = passage_flex.get_devices(external_id.clone()).await.unwrap();

for device in passkey_devices {
    // revoke old devices that haven't been used in the last year
    let last_login_at_parsed =
        NaiveDate::parse_from_str(&device.last_login_at, "%Y-%m-%dT%H:%M:%S%z").unwrap();

    if last_login_at_parsed < last_year {
        if let Err(err) = passage_flex
            .revoke_device(external_id.clone(), device.id)
            .await
        {
            // device couldn't be revoked
        }
    }
}

Support & Feedback

We are here to help! Find additional docs, the best ways to get in touch with our team, and more within our support resources.

_{Passage is a product by 1Password, the global leader in access management solutions with nearly 150k business customers.
This project is licensed under the MIT license. See the LICENSE file for more info.}