Passage by 1Password - Auth (Independent Publisher) (Preview)
Passage is backed by 1Password's 17+ years of industry-leading security expertise. Completely replace your existing authentication flow or build from scratch with a robust solution for passwordless authentication and customer identity management. Realize the full security, business, and user experience benefits of eliminating passwords by implementing login flows powered by passkeys, magic links, and login codes.
This connector is available in the following products and regions:
| Service | Class | Regions |
|---|---|---|
| Logic Apps | Standard | All Logic Apps regions except the following: - Azure Government regions - Azure China regions - US Department of Defense (DoD) |
| Power Automate | Premium | All Power Automate regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD) |
| Power Apps | Premium | All Power Apps regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD) |
| Contact | |
|---|---|
| Name | Troy Taylor |
| URL | https://www.hitachisolutions.com |
| ttaylor@hitachisolutions.com |
| Connector Metadata | |
|---|---|
| Publisher | Troy Taylor |
| Website | https://passage.1password.com/ |
| Privacy policy | https://storage.googleapis.com/passage-docs/passage-privacy-policy.pdf |
| Categories | Security |
Creating a connection
The connector supports the following authentication types:
| Default | Parameters for creating connection. | All regions | Not shareable |
Default
Applicable: All regions
Parameters for creating connection.
This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.
| Name | Type | Description | Required |
|---|---|---|---|
| API Key (in the form 'Bearer YOUR_API_KEY') | securestring | The API Key (in the form 'Bearer YOUR_API_KEY') for this api | True |
Throttling Limits
| Name | Calls | Renewal Period |
|---|---|---|
| API calls per connection | 100 | 60 seconds |
Actions
| Authenticate magic link |
Authenticates a magic link for a user. This endpoint checks that the magic link is valid, then returns an authentication token for the user. |
| Authenticate OTP |
Authenticates a one-time passcode for a user. This endpoint checks that the one-time passcode is valid, then returns an authentication token for the user. |
| Change email |
Initiate an email change for the authenticated user. An email change requires verification, so an email will be sent to the user which they must verify before the email change takes effect. |
| Change Phone |
Initiate a phone number change for the authenticated user. A phone number change requires verification, so an SMS with a link will be sent to the user which they must verify before the phone number change takes effect. |
| Create new auth and refresh token |
Creates and returns a new auth token and a new refresh token. |
| Create user |
Create a user. |
| Delete social connection |
Deletes a social connection for the current user. User must be authenticated via a bearer token. |
| Exchange OAuth2 for auth token |
Exchanges OAuth2 connection data for an auth token. |
|
Finish Web |
Completes a WebAuthn add device operation for the current user. User must be authenticated via a bearer token. |
|
Finish Web |
Completes a WebAuthn login and authenticate the user. |
|
Finish Web |
Completes a WebAuthn registration and authenticate the user. |
| Get app |
Retrieve information about an application. |
| Get current user |
Retrieve information about a user that is currently authenticated via bearer token. |
| Get JWKS |
Retrieve JWKS for an app. KIDs in the JWT can be used to match the appropriate JWK, and use the JWK's public key to verify the JWT. |
| Get OpenID configuration |
Retrieve OpenID configuration for an app. |
| Get social connections |
Gets social connections for the current user. User must be authenticated via a bearer token. |
| Get user |
Retrieve user information, if the user exists. This endpoint can be used to determine whether a user has an existing account and if they should login or register. |
| Get user's metadata |
Retrieve the user-metadata for the current user. |
| Handle OAuth2 callback |
Handles an OAuth2 flow callback. |
| Link an account to a connection |
Links an existing account to an OAuth2 connection. |
| List devices |
Retrieve a list of all WebAuthn devices for the authenticated user. User must be authenticated via bearer token. |
| Login with magic link |
Send a login email or SMS to the user. The user will receive an email or text with a link to complete their login. |
| Login with OTP |
Send a login email or SMS to the user. The user will receive an email or text with a one-time passcode to complete their login. |
| Magic link status |
Check if a magic link has been activated yet or not. Once the magic link has been activated, this endpoint will return an authentication token for the user. This endpoint can be used to initiate a login on one device and then poll and wait for the login to complete on another device. |
| Register with magic link |
Create a user and send an registration email or SMS to the user. The user will receive an email or text with a link to complete their registration. |
| Register with OTP |
Create a user and send a registration email or SMS to the user. The user will receive an email or text with a one-time passcode to complete their registration. |
| Revoke device |
Revoke a device by ID for the current user. User must be authenticated via a bearer token. |
| Revoke refresh token |
Revokes the refresh token. |
| Start OAuth2 flow |
Kicks off an OAuth2 flow with connection provider request params described in https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest |
|
Start Web |
Initiate a WebAuthn add device operation for the current user. This endpoint creates a WebAuthn credential creation challenge that is used to perform the registration ceremony from the browser. User must be authenticated via a bearer token. |
|
Start Web |
Initiate a WebAuthn login for a user. This endpoint creates a WebAuthn credential assertion challenge that is used to perform the login ceremony from the browser. |
|
Start Web |
Initiate a WebAuthn registration and create the user. This endpoint creates a WebAuthn credential creation challenge that is used to perform the registration ceremony from the browser. |
| Update device |
Updates a device by ID for the current user. Currently the only field that can be updated is the friendly name. User must be authenticated via a bearer token. |
| Update user's metadata |
Updates the metadata for the current user. Only valid metadata fields are accepted. Invalid metadata fields that are present will abort the update. User must be authenticated via a bearer token. |
Authenticate magic link
Authenticates a magic link for a user. This endpoint checks that the magic link is valid, then returns an authentication token for the user.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
|
Magic Link
|
magic_link | True | string |
The magic link. |
Returns
- Body
- AuthResponse
Authenticate OTP
Authenticates a one-time passcode for a user. This endpoint checks that the one-time passcode is valid, then returns an authentication token for the user.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
|
OTP
|
otp | True | string |
The one-time passcode. |
|
OTP ID
|
otp_id | True | string |
The ID of the one-time passcode. |
Returns
- Body
- AuthResponse
Change email
Initiate an email change for the authenticated user. An email change requires verification, so an email will be sent to the user which they must verify before the email change takes effect.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
|
Language
|
language | string |
The language of the email to send (optional). |
|
|
Magic Link Path
|
magic_link_path | string |
The magic link path. |
|
|
New Email
|
new_email | True | string |
The new email. |
|
Redirect URL
|
redirect_url | string |
The redirect URL address. |
Returns
- Body
- MagicLinkResponse
Change Phone
Initiate a phone number change for the authenticated user. A phone number change requires verification, so an SMS with a link will be sent to the user which they must verify before the phone number change takes effect.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
|
Language
|
language | string |
Language of the email to send (optional). |
|
|
Magic Link Path
|
magic_link_path | string |
The magic link path. |
|
|
New Phone
|
new_phone | string |
The new phone number. |
|
|
Redirect URL
|
redirect_url | string |
The redirect URL address. |
Returns
- Body
- MagicLinkResponse
Create new auth and refresh token
Creates and returns a new auth token and a new refresh token.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
|
Refresh Token
|
refresh_token | True | string |
The refresh token. |
Returns
- Body
- AuthResponse
Create user
Create a user.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
|
ID
|
identifier | True | string |
The identifier. |
Returns
- Body
- UserResponse
Delete social connection
Deletes a social connection for the current user. User must be authenticated via a bearer token.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
|
Social Connection Type
|
social_connection_type | True | string |
The type of social connection. |
Exchange OAuth2 for auth token
Exchanges OAuth2 connection data for an auth token.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
|
OAuth2 Code
|
code | True | string |
The code given from the OAuth2 redirect. |
|
Verifier
|
verifier | True | string |
The verifier the client originally sent to the OAuth2 provider. |
Returns
- Body
- AuthResponse
Finish WebAuthn add device
Completes a WebAuthn add device operation for the current user. User must be authenticated via a bearer token.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
|
Handshake ID
|
handshake_id | True | string |
The handshake identifier. |
|
Authenticator Attachment
|
authenticatorAttachment | string |
The authenticator attachment. |
|
|
ID
|
id | string |
The credential's identifier. The requirements for the identifier are distinct for each type of credential. It might represent a username for username/password tuples, for example. |
|
|
Raw ID
|
rawId | string |
The raw identifier. |
|
|
Attestation Object
|
attestationObject | string |
Attestation object is the byte slice version of attestationObject. This attribute contains an attestation object, which is opaque to, and cryptographically protected against tampering by, the client. The attestation object contains both authenticator data and an attestation statement. The former contains the AAGUID, a unique credential ID, and the credential public key. The contents of the attestation statement are determined by the attestation statement format used by the authenticator. It also contains any additional information that the relying party's server requires to validate the attestation statement, as well as to decode and validate the authenticator data along with the JSON-serialized client data. |
|
|
Client Data JSON
|
clientDataJSON | string |
This attribute contains a JSON serialization of the client data passed to the authenticator by the client in its call to either create() or get(). |
|
|
Transports
|
transports | array of string |
The transports. |
|
|
Transports
|
transports | array of string |
The transports. |
|
|
Type
|
type | string |
The value of the object's interface object's [[type]] slot, which specifies the credential type represented by this object. This should be type "public-key" for Webauthn credentials. |
|
|
User ID
|
user_id | True | string |
The user identifier. |
Returns
- Body
- CurrentUserDevice
Finish WebAuthn login
Completes a WebAuthn login and authenticate the user.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
|
Handshake ID
|
handshake_id | True | string |
The handshake identifier. |
|
Authenticator Attachment
|
authenticatorAttachment | string |
The authenticator attachment. |
|
|
ID
|
id | string |
The credential's identifier. The requirements for the identifier are distinct for each type of credential. It might represent a username for username/password tuples, for example. |
|
|
Raw ID
|
rawId | string |
The raw identifier. |
|
|
Authenticator Data
|
authenticatorData | string |
The authenticator data. |
|
|
Client Data JSON
|
clientDataJSON | string |
This attribute contains a JSON serialization of the client data passed to the authenticator by the client in its call to either create() or get(). |
|
|
Signature
|
signature | string |
The signature. |
|
|
User
|
userHandle | string |
The user handle. |
|
|
Type
|
type | string |
The value of the object's interface object's [[type]] slot, which specifies the credential type represented by this object. This should be type "public-key" for Webauthn credentials. |
|
|
User ID
|
user_id | string |
The user identifier. |
Returns
- Body
- AuthResponse
Finish WebAuthn registration
Completes a WebAuthn registration and authenticate the user.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
|
Handshake ID
|
handshake_id | True | string |
The handshake identifier. |
|
Authenticator Attachment
|
authenticatorAttachment | string |
The authenticator attachment. |
|
|
ID
|
id | string |
The credential's identifier. The requirements for the identifier are distinct for each type of credential. It might represent a username for username/password tuples, for example. |
|
|
Raw ID
|
rawId | string |
The raw identifier. |
|
|
Attestation Object
|
attestationObject | string |
Attestation object is the byte slice version of attestationObject. This attribute contains an attestation object, which is opaque to, and cryptographically protected against tampering by, the client. The attestation object contains both authenticator data and an attestation statement. The former contains the AAGUID, a unique credential ID, and the credential public key. The contents of the attestation statement are determined by the attestation statement format used by the authenticator. It also contains any additional information that the relying party's server requires to validate the attestation statement, as well as to decode and validate the authenticator data along with the JSON-serialized client data. |
|
|
Client Data JSON
|
clientDataJSON | string |
This attribute contains a JSON serialization of the client data passed to the authenticator by the client in its call to either create() or get(). |
|
|
Transports
|
transports | array of string |
The transports. |
|
|
Transports
|
transports | array of string |
The transports. |
|
|
Type
|
type | string |
The value of the object's interface object's [[type]] slot, which specifies the credential type represented by this object. This should be type "public-key" for Webauthn credentials. |
|
|
User ID
|
user_id | True | string |
The user identifier. |
Returns
- Body
- AuthResponse
Get app
Retrieve information about an application.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
Returns
- Body
- GetAppResponse
Get current user
Retrieve information about a user that is currently authenticated via bearer token.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
Returns
- Body
- CurrentUserResponse
Get JWKS
Retrieve JWKS for an app. KIDs in the JWT can be used to match the appropriate JWK, and use the JWK's public key to verify the JWT.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
Returns
- Body
- JWKResponse
Get OpenID configuration
Retrieve OpenID configuration for an app.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
Returns
- Body
- OpenIdConfiguration
Get social connections
Gets social connections for the current user. User must be authenticated via a bearer token.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
Returns
Get user
Retrieve user information, if the user exists. This endpoint can be used to determine whether a user has an existing account and if they should login or register.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
|
Email or Phone
|
identifier | True | string |
Email or phone number. |
Returns
- Body
- UserResponse
Get user's metadata
Retrieve the user-metadata for the current user.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
Returns
- Body
- UserMetadataResponse
Handle OAuth2 callback
Handles an OAuth2 flow callback.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
|
OAuth2 Code
|
code | True | string |
The authorization code returned by the OAuth2 provider. |
|
State
|
state | string |
The state returned by the OAuth2 provider. |
|
|
Error
|
error | string |
The error returned by the OAuth2 provider. |
|
|
Error
|
error_description | string |
The error description returned by the OAuth2 provider. |
Returns
Link an account to a connection
Links an existing account to an OAuth2 connection.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
|
OAuth2 Code
|
code | True | string |
The code given from the OAuth2 redirect. |
|
Verifier
|
verifier | True | string |
The verifier the client originally sent to the OAuth2 provider. |
List devices
Retrieve a list of all WebAuthn devices for the authenticated user. User must be authenticated via bearer token.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
Returns
- Body
- CurrentUserDevices
Login with magic link
Send a login email or SMS to the user. The user will receive an email or text with a link to complete their login.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
|
ID
|
identifier | True | string |
Valid email or E164 phone number. |
|
Language
|
language | string |
Language of the email or SMS to send (optional). |
|
|
Magic Link Path
|
magic_link_path | string |
Path relative to the app's auth_origin (optional). |
Returns
Login with OTP
Send a login email or SMS to the user. The user will receive an email or text with a one-time passcode to complete their login.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
|
ID
|
identifier | True | string |
Valid email or E164 phone number. |
|
Language
|
language | string |
Language of the email to send (optional). |
Returns
Magic link status
Check if a magic link has been activated yet or not. Once the magic link has been activated, this endpoint will return an authentication token for the user. This endpoint can be used to initiate a login on one device and then poll and wait for the login to complete on another device.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
|
ID
|
id | True | string |
The identifier. |
Returns
- Body
- AuthResponse
Register with magic link
Create a user and send an registration email or SMS to the user. The user will receive an email or text with a link to complete their registration.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
|
ID
|
identifier | True | string |
Valid email or E164 phone number. |
|
Language
|
language | string |
Language of the email or SMS to send (optional). |
|
|
Magic Link Path
|
magic_link_path | string |
Path relative to the app's auth_origin (optional). |
Returns
Register with OTP
Create a user and send a registration email or SMS to the user. The user will receive an email or text with a one-time passcode to complete their registration.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
|
ID
|
identifier | True | string |
Valid email or E164 phone number. |
|
Language
|
language | string |
Language of the email to send (optional). |
Returns
Revoke device
Revoke a device by ID for the current user. User must be authenticated via a bearer token.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
|
Device ID
|
device_id | True | string |
Device ID. |
Revoke refresh token
Revokes the refresh token.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
|
Refresh Token
|
refresh_token | True | string |
Refresh token. |
Start OAuth2 flow
Kicks off an OAuth2 flow with connection provider request params described in https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
|
Redirect URI
|
redirect_uri | True | string |
The URL to redirect to after the OAuth2 flow is complete. |
|
State
|
state | string |
The state to pass through to the redirect URI. |
|
|
Code Challenge
|
code_challenge | True | string |
Code challenge. |
|
Code Challenge Method
|
code_challenge_method | True | string |
Code challenge method. |
|
Connection Type
|
connection_type | True | string |
Connection type; google, github, apple, or passage to login with. |
Returns
Start WebAuthn add device
Initiate a WebAuthn add device operation for the current user. This endpoint creates a WebAuthn credential creation challenge that is used to perform the registration ceremony from the browser. User must be authenticated via a bearer token.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
|
Authenticator Attachment
|
authenticator_attachment | string |
Selects the type of authentication that will be used in this WebAuthN flow request. |
Returns
Start WebAuthn login
Initiate a WebAuthn login for a user. This endpoint creates a WebAuthn credential assertion challenge that is used to perform the login ceremony from the browser.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
|
ID
|
identifier | string |
Valid email or E164 phone number. |
Returns
Start WebAuthn registration
Initiate a WebAuthn registration and create the user. This endpoint creates a WebAuthn credential creation challenge that is used to perform the registration ceremony from the browser.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
|
ID
|
identifier | True | string |
Valid email or E164 phone number. |
|
Authenticator Attachment
|
authenticator_attachment | string |
Selects the type of authentication that will be used in this WebAuthN flow request. |
Returns
Update device
Updates a device by ID for the current user. Currently the only field that can be updated is the friendly name. User must be authenticated via a bearer token.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
|
Device ID
|
device_id | True | string |
Device ID. |
|
Friendly Name
|
friendly_name | True | string |
The friendly name. |
Returns
- Body
- CurrentUserDevice
Update user's metadata
Updates the metadata for the current user. Only valid metadata fields are accepted. Invalid metadata fields that are present will abort the update. User must be authenticated via a bearer token.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
App ID
|
app_id | True | string |
App ID. |
Returns
- Body
- CurrentUserResponse
Definitions
GetAppResponse
| Name | Path | Type | Description |
|---|---|---|---|
|
app
|
app | App |
LayoutConfig
| Name | Path | Type | Description |
|---|---|---|---|
|
H
|
h | integer |
The H value. |
|
ID
|
id | string |
The identifier. |
|
W
|
w | integer |
The W value. |
|
X
|
x | integer |
The X value. |
|
Y
|
y | integer |
The Y value. |
Layouts
| Name | Path | Type | Description |
|---|---|---|---|
|
Profile
|
profile | array of LayoutConfig | |
|
Registration
|
registration | array of LayoutConfig |
UserMetadataField
| Name | Path | Type | Description |
|---|---|---|---|
|
Field Name
|
field_name | string |
The field name. |
|
Friendly Name
|
friendly_name | string |
The friendly name. |
|
ID
|
id | string |
The identifier. |
|
Profile
|
profile | boolean |
Whether profile. |
|
Registration
|
registration | boolean |
Whether registration. |
|
Type
|
type | string |
The type. |
App
| Name | Path | Type | Description |
|---|---|---|---|
|
Allowed ID
|
allowed_identifier | string |
The allowed identifier. |
|
Auth Fallback Method
|
auth_fallback_method | string |
Deprecated Property. Please refer to |
|
Auth Fallback Method TTL
|
auth_fallback_method_ttl | integer |
Deprecated Property. Please refer to |
|
Auth Methods
|
auth_methods | AuthMethods |
Denotes what methods this app is allowed to use for authentication with configurations. |
|
Auth Origin
|
auth_origin | string |
The auth origin. |
|
Default Language
|
default_language | string |
The default language. |
|
element_customization
|
element_customization | ElementCustomization | |
|
element_customization_dark
|
element_customization_dark | ElementCustomization | |
|
Ephemeral
|
ephemeral | boolean |
Whether ephemeral. |
|
ID
|
id | string |
The identifier. |
|
layouts
|
layouts | Layouts | |
|
Login URL
|
login_url | string |
The login URL address. |
|
Name
|
name | string |
The name. |
|
Passage Branding
|
passage_branding | boolean |
Whether to use Passage branding. |
|
Public Signup
|
public_signup | boolean |
Whether public signup. |
|
Profile Management
|
profile_management | boolean |
Whether profile management. |
|
Redirect URL
|
redirect_url | string |
The redirect URL address. |
|
Email Verification
|
require_email_verification | boolean |
Whether to require email verification. |
|
ID Verification
|
require_identifier_verification | boolean |
Whether to require identifier verification. |
|
Required ID
|
required_identifier | string |
The required identifier. |
|
RSA Public Key
|
rsa_public_key | string |
The RSA public key. |
|
Session Timeout
|
session_timeout_length | integer |
The session timeout length. |
|
social_connections
|
social_connections | SocialConnections | |
|
User Metadata Schema
|
user_metadata_schema | array of UserMetadataField |
SocialConnections
| Name | Path | Type | Description |
|---|---|---|---|
|
google
|
SocialConnection | ||
|
github
|
github | SocialConnection |
SocialConnection
| Name | Path | Type | Description |
|---|---|---|---|
|
Client ID
|
client_id | string |
The client ID of the OAuth2 social connection. |
ElementCustomization
| Name | Path | Type | Description |
|---|---|---|---|
|
Passage Container Background Color
|
passage_container_background_color | string |
Container background color in hex. Default is |
|
Passage Container Max Width
|
passage_container_max_width | integer |
Maximum width of container (px). |
|
Passage Input Box Background Color
|
passage_input_box_background_color | string |
Input box background color in hex. Default is |
|
Passage Input Box Border Radius
|
passage_input_box_border_radius | integer |
Input box border radius (px). |
|
Font
|
passage_header_font_family | FontFamily |
Body font family. |
|
Font
|
passage_body_font_family | FontFamily |
Body font family. |
|
Passage Header Text Color
|
passage_header_text_color | string |
Header text color in hex. Default is |
|
Passage Body Text Color
|
passage_body_text_color | string |
Body text color in hex. Default is |
|
Passage Primary Button Background Color
|
passage_primary_button_background_color | string |
Primary button background color (hex). |
|
Passage Primary Button Text Color
|
passage_primary_button_text_color | string |
Primary button font color (hex). |
|
Passage Primary Button Hover Color
|
passage_primary_button_hover_color | string |
Primary button background on hover (hex). |
|
Passage Primary Button Border Radius
|
passage_primary_button_border_radius | integer |
Primary button border radius (px). |
|
Passage Primary Button Border Color
|
passage_primary_button_border_color | string |
Primary button border color. |
|
Passage Primary Button Border Width
|
passage_primary_button_border_width | integer |
Primary button border width (px). |
|
Passage Secondary Button Background Color
|
passage_secondary_button_background_color | string |
Secondary button background color (hex). |
|
Passage Secondary Secondary Buttn Text Color
|
passage_secondary_button_text_color | string |
Secondary button font color (hex). |
|
Passage Secondary Button Backgroun on Hover
|
passage_secondary_button_hover_color | string |
Secondary button background on hover (hex). |
|
Passage Secondary Button Border Radius
|
passage_secondary_button_border_radius | integer |
Secondary button border radius (px). |
|
Passage Secondary Button Border Color
|
passage_secondary_button_border_color | string |
Secondary button border color. |
|
Passage Secondary Button Border Width
|
passage_secondary_button_border_width | integer |
Secondary button border width (px). |
FontFamily
AuthMethods
Denotes what methods this app is allowed to use for authentication with configurations.
| Name | Path | Type | Description |
|---|---|---|---|
|
Passkeys Auth Method
|
passkeys | PasskeysAuthMethod |
The passkeys auth method object. |
|
otp
|
otp | OtpAuthMethod | |
|
magic_link
|
magic_link | MagicLinkAuthMethod |
PasskeysAuthMethod
The passkeys auth method object.
| Name | Path | Type | Description |
|---|---|---|---|
|
Passkeys Auth Method
|
object |
The passkeys auth method object. |
OtpAuthMethod
| Name | Path | Type | Description |
|---|---|---|---|
|
TTL
|
ttl | integer |
Maximum time (IN SECONDS) for the auth to expire. |
|
TTL Display Unit
|
ttl_display_unit | TtlDisplayUnit |
Deprecated Property. The preferred unit for displaying the TTL. This value is for display only. * |
MagicLinkAuthMethod
| Name | Path | Type | Description |
|---|---|---|---|
|
TTL
|
ttl | integer |
Maximum time (IN SECONDS) for the auth to expire. |
|
TTL Display Unit
|
ttl_display_unit | TtlDisplayUnit |
Deprecated Property. The preferred unit for displaying the TTL. This value is for display only. * |
TtlDisplayUnit
Deprecated Property. The preferred unit for displaying the TTL. This value is for display only. * s - seconds * m - minutes * h - hours * d - days .
Deprecated Property. The preferred unit for displaying the TTL. This value is for display only. * s - seconds * m - minutes * h - hours * d - days .
- TTL Display Unit
- string
JWKResponse
| Name | Path | Type | Description |
|---|---|---|---|
|
JWK Response Keys
|
keys | array of JWKResponse_keys |
OpenIdConfiguration
| Name | Path | Type | Description |
|---|---|---|---|
|
Authorization Endpoint
|
authorization_endpoint | string |
The authorization endpoint. |
|
Issuer
|
issuer | string |
The issuer. |
|
JWKs URI
|
jwks_uri | string |
The JWKs URI. |
CurrentUserResponse
| Name | Path | Type | Description |
|---|---|---|---|
|
user
|
user | CurrentUser |
Credential
| Name | Path | Type | Description |
|---|---|---|---|
|
Created at
|
created_at | string |
The first time this webAuthn device was used to authenticate the user. |
|
Cred ID
|
cred_id | string |
The Cred ID for this webAuthn device (encoded to match what is stored in psg_cred_obj). |
|
Friendly Name
|
friendly_name | string |
The friendly name for the webAuthn device used to authenticate. |
|
ID
|
id | string |
The ID of the webAuthn device used for authentication. |
|
Last Login At
|
last_login_at | string |
The last time this webAuthn device was used to authenticate the user. |
|
WebAuthn Type
|
type | WebAuthnType |
The type of this credential. |
|
Updated At
|
updated_at | string |
The last time this webAuthn device was updated. |
|
Usage Count
|
usage_count | integer |
How many times this webAuthn device has been used to authenticate the user. |
|
User ID
|
user_id | string |
The userID for this webAuthn device. |
|
icons
|
icons | WebAuthnIcons |
Contains the light and dark SVG icons that represent the brand of those devices Values can be null or base64 encoded SVG. Example of SVG output: data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIGVuYWJsZS1iYWNrZ3JvdW5kPSJuZXcgMCAwIDE5MiAxOTIiIGhlaWdodD0iMjRweCIgdmlld0JveD0iMCAwIDE5MiAxOTIiIHdpZHRoPSIyNHB4Ij48cmVjdCBmaWxsPSJub25lIiBoZWlnaHQ9IjE5MiIgd2lkdGg9IjE5MiIgeT0iMCIvPjxnPjxwYXRoIGQ9Ik02OS4yOSwxMDZjLTMuNDYsNS45Ny05LjkxLDEwLTE3LjI5LDEwYy0xMS4wMywwLTIwLTguOTctMjAtMjBzOC45Ny0yMCwyMC0yMCBjNy4zOCwwLDEzLjgzLDQuMDMsMTcuMjksMTBoMjUuNTVDOTAuMyw2Ni41NCw3Mi44Miw1Miw1Miw1MkMyNy43NCw1Miw4LDcxLjc0LDgsOTZzMTkuNzQsNDQsNDQsNDRjMjAuODIsMCwzOC4zLTE0LjU0LDQyLjg0LTM0IEg2OS4yOXoiIGZpbGw9IiM0Mjg1RjQiLz48cmVjdCBmaWxsPSIjRkJCQzA0IiBoZWlnaHQ9IjI0IiB3aWR0aD0iNDQiIHg9Ijk0IiB5PSI4NCIvPjxwYXRoIGQ9Ik05NC4zMiw4NEg2OHYwLjA1YzIuNSwzLjM0LDQsNy40Nyw0LDExLjk1cy0xLjUsOC42MS00LDExLjk1VjEwOGgyNi4zMiBjMS4wOC0zLjgyLDEuNjgtNy44NCwxLjY4LTEyUzk1LjQxLDg3LjgyLDk0LjMyLDg0eiIgZmlsbD0iI0VBNDMzNSIvPjxwYXRoIGQ9Ik0xODQsMTA2djI2aC0xNnYtOGMwLTQuNDItMy41OC04LTgtOHMtOCwzLjU4LTgsOHY4aC0xNnYtMjZIMTg0eiIgZmlsbD0iIzM0QTg1MyIvPjxyZWN0IGZpbGw9IiMxODgwMzgiIGhlaWdodD0iMjQiIHdpZHRoPSI0OCIgeD0iMTM2IiB5PSI4NCIvPjwvZz48L3N2Zz4= |
CurrentUser
| Name | Path | Type | Description |
|---|---|---|---|
|
Created At
|
created_at | string |
When this user was created. |
|
Email
|
string |
The user's email. |
|
|
Email Verified
|
email_verified | boolean |
Whether or not the user's email has been verified. |
|
ID
|
id | string |
The user ID. |
|
Last Login At
|
last_login_at | string |
The last time this user logged in. |
|
Login Count
|
login_count | integer |
How many times the user has successfully logged in. |
|
Phone
|
phone | string |
The user's phone. |
|
Phone Verified
|
phone_verified | boolean |
Whether or not the user's phone has been verified. |
|
social_connections
|
social_connections | UserSocialConnections | |
|
User Status
|
status | UserStatus |
User status: active, inactive, pending. |
|
Updated At
|
updated_at | string |
When this user was last updated. |
|
WebAuthn
|
webauthn | boolean |
Whether or not the user has authenticated via webAuthn before (if len(WebAuthnDevices) > 0). |
|
WebAuthn Devices
|
webauthn_devices | array of Credential |
The list of devices this user has authenticated with via webAuthn. |
|
WebAuthn Types
|
webauthn_types | array of WebAuthnType |
Retrieve a list of credential types that the user has created. |
CurrentUserDevices
| Name | Path | Type | Description |
|---|---|---|---|
|
Devices
|
devices | array of Credential |
CurrentUserDevice
| Name | Path | Type | Description |
|---|---|---|---|
|
device
|
device | Credential |
AddDeviceStartResponse
| Name | Path | Type | Description |
|---|---|---|---|
|
handshake
|
handshake | CredentialCreationChallenge | |
|
user
|
user | User |
MagicLinkResponse
| Name | Path | Type | Description |
|---|---|---|---|
|
magic_link
|
magic_link | MagicLink |
MagicLink
| Name | Path | Type | Description |
|---|---|---|---|
|
ID
|
id | string |
The magic link identifier. |
UserMetadataResponse
LoginMagicLinkResponse
| Name | Path | Type | Description |
|---|---|---|---|
|
magic_link
|
magic_link | MagicLink |
RegisterMagicLinkResponse
| Name | Path | Type | Description |
|---|---|---|---|
|
magic_link
|
magic_link | MagicLink |
UserResponse
| Name | Path | Type | Description |
|---|---|---|---|
|
user
|
user | User |
LoginWebAuthnStartResponse
| Name | Path | Type | Description |
|---|---|---|---|
|
handshake
|
handshake | CredentialAssertionChallenge | |
|
user
|
user | User |
CredentialAssertionChallenge
| Name | Path | Type | Description |
|---|---|---|---|
|
challenge
|
challenge | protocol.CredentialAssertion | |
|
ID
|
id | string |
The identifier. |
protocol.CredentialAssertion
| Name | Path | Type | Description |
|---|---|---|---|
|
publicKey
|
publicKey | protocol.CredentialAssertion_publicKey |
WebAuthnIcons
Contains the light and dark SVG icons that represent the brand of those devices Values can be null or base64 encoded SVG. Example of SVG output: data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIGVuYWJsZS1iYWNrZ3JvdW5kPSJuZXcgMCAwIDE5MiAxOTIiIGhlaWdodD0iMjRweCIgdmlld0JveD0iMCAwIDE5MiAxOTIiIHdpZHRoPSIyNHB4Ij48cmVjdCBmaWxsPSJub25lIiBoZWlnaHQ9IjE5MiIgd2lkdGg9IjE5MiIgeT0iMCIvPjxnPjxwYXRoIGQ9Ik02OS4yOSwxMDZjLTMuNDYsNS45Ny05LjkxLDEwLTE3LjI5LDEwYy0xMS4wMywwLTIwLTguOTctMjAtMjBzOC45Ny0yMCwyMC0yMCBjNy4zOCwwLDEzLjgzLDQuMDMsMTcuMjksMTBoMjUuNTVDOTAuMyw2Ni41NCw3Mi44Miw1Miw1Miw1MkMyNy43NCw1Miw4LDcxLjc0LDgsOTZzMTkuNzQsNDQsNDQsNDRjMjAuODIsMCwzOC4zLTE0LjU0LDQyLjg0LTM0IEg2OS4yOXoiIGZpbGw9IiM0Mjg1RjQiLz48cmVjdCBmaWxsPSIjRkJCQzA0IiBoZWlnaHQ9IjI0IiB3aWR0aD0iNDQiIHg9Ijk0IiB5PSI4NCIvPjxwYXRoIGQ9Ik05NC4zMiw4NEg2OHYwLjA1YzIuNSwzLjM0LDQsNy40Nyw0LDExLjk1cy0xLjUsOC42MS00LDExLjk1VjEwOGgyNi4zMiBjMS4wOC0zLjgyLDEuNjgtNy44NCwxLjY4LTEyUzk1LjQxLDg3LjgyLDk0LjMyLDg0eiIgZmlsbD0iI0VBNDMzNSIvPjxwYXRoIGQ9Ik0xODQsMTA2djI2aC0xNnYtOGMwLTQuNDItMy41OC04LTgtOHMtOCwzLjU4LTgsOHY4aC0xNnYtMjZIMTg0eiIgZmlsbD0iIzM0QTg1MyIvPjxyZWN0IGZpbGw9IiMxODgwMzgiIGhlaWdodD0iMjQiIHdpZHRoPSI0OCIgeD0iMTM2IiB5PSI4NCIvPjwvZz48L3N2Zz4=
| Name | Path | Type | Description |
|---|---|---|---|
|
Light Icon
|
light | string |
The light icon. |
|
Dark Icon
|
dark | string |
The dark icon. |
OneTimePasscodeResponse
| Name | Path | Type | Description |
|---|---|---|---|
|
OTP ID
|
otp_id | string |
The ID of the one-time passcode. Provide it when activating. |
RegisterWebAuthnStartResponse
| Name | Path | Type | Description |
|---|---|---|---|
|
handshake
|
handshake | CredentialCreationChallenge | |
|
user
|
user | User |
SocialConnectionsResponse
| Name | Path | Type | Description |
|---|---|---|---|
|
social_connections
|
social_connections | UserSocialConnections |
GoogleSocialConnection
| Name | Path | Type | Description |
|---|---|---|---|
|
Provider ID
|
provider_id | string |
The external ID of the social connection. |
|
Created At
|
created_at | date-time |
When created at. |
|
Last Login At
|
last_login_at | date-time |
The last login at. |
|
Provider ID
|
provider_identifier | string |
The email of connected social user. |
GithubSocialConnection
| Name | Path | Type | Description |
|---|---|---|---|
|
Provider ID
|
provider_id | string |
The external ID of the social connection. |
|
Created At
|
created_at | date-time |
When created at. |
|
Last Login At
|
last_login_at | date-time |
The last login at. |
|
Provider ID
|
provider_identifier | string |
The email of connected social user. |
UserSocialConnections
| Name | Path | Type | Description |
|---|---|---|---|
|
google
|
GoogleSocialConnection | ||
|
github
|
github | GithubSocialConnection |
UserStatus
WebAuthnType
CredentialCreation
| Name | Path | Type | Description |
|---|---|---|---|
|
publicKey
|
publicKey | CredentialCreation_publicKey |
CredentialCreationChallenge
| Name | Path | Type | Description |
|---|---|---|---|
|
challenge
|
challenge | CredentialCreation | |
|
ID
|
id | string |
The identifier. |
User
| Name | Path | Type | Description |
|---|---|---|---|
|
Email
|
string |
The email address. |
|
|
Email Verified
|
email_verified | boolean |
Whether or not the user's email has been verified. |
|
ID
|
id | string |
The identifier. |
|
Phone
|
phone | string |
The phone number. |
|
Phone Verified
|
phone_verified | boolean |
Whether or not the user's phone has been verified. |
|
User Status
|
status | UserStatus |
User status: active, inactive, pending. |
|
WebAuthn Verified
|
webauthn | boolean |
Whether WebAuthn is verified. |
|
WebAuthn Types
|
webauthn_types | array of WebAuthnType |
AuthResult
| Name | Path | Type | Description |
|---|---|---|---|
|
Auth Token
|
auth_token | string |
The auth token. |
|
Redirect URL
|
redirect_url | string |
The redirect URL address. |
|
Refresh Token
|
refresh_token | string |
The refresh token. |
|
Refresh Token Expiration
|
refresh_token_expiration | integer |
The refresh token expiration. |
AuthResponse
| Name | Path | Type | Description |
|---|---|---|---|
|
auth_result
|
auth_result | AuthResult |
JWKResponse_keys
| Name | Path | Type | Description |
|---|---|---|---|
|
Algorithm
|
alg | string |
The algorithm for the key. |
|
Exponent
|
e | string |
The exponent for the standard pem. |
|
Key ID
|
kid | string |
The unique identifier for the key. |
|
Key Type
|
kty | string |
The key type (https://datatracker.ietf.org/doc/html/rfc7518) |
|
Modulus
|
n | string |
The modulus for a standard pem. |
|
Use
|
use | string |
How the key is meant to be used (i.e. 'sig' represents signature) |
protocol.CredentialAssertion_publicKey
| Name | Path | Type | Description |
|---|---|---|---|
|
Challenge
|
challenge | string |
The challenge. |
|
RP ID
|
rpId | string |
The RP identifier. |
|
Timeout
|
timeout | integer |
The timeout. |
|
User Verification
|
userVerification | string |
This member describes the relying party's requirements regarding user verification for the create() operation. Eligible authenticators are filtered to only those capable of satisfying this requirement. |
CredentialCreation_publicKey_authenticatorSelection
| Name | Path | Type | Description |
|---|---|---|---|
|
Authenticator Attachment
|
authenticatorAttachment | string |
If this member is present, eligible authenticators are filtered to only authenticators attached with the specified AuthenticatorAttachment enum. |
|
Require Resident Key
|
requireResidentKey | boolean |
This member describes the relying party's requirements regarding resident credentials. If the parameter is set to true, the authenticator MUST create a client-side-resident public key credential source when creating a public key credential. |
|
Resident Key
|
residentKey | string |
This member describes the relying party's requirements regarding resident credentials per Webauthn Level 2. |
|
User Verification
|
userVerification | string |
This member describes the relying party's requirements regarding user verification for the create() operation. Eligible authenticators are filtered to only those capable of satisfying this requirement. |
CredentialCreation_publicKey_excludeCredentials
| Name | Path | Type | Description |
|---|---|---|---|
|
ID
|
id | string |
The ID of a credential to allow/disallow. |
|
Transports
|
transports | array of string |
The authenticator transports that can be used. |
|
Type
|
type | string |
The valid credential types. |
CredentialCreation_publicKey_pubKeyCredParams
| Name | Path | Type | Description |
|---|---|---|---|
|
Algorithm
|
alg | integer |
The algorithm. |
|
Type
|
type | string |
The type. |
CredentialCreation_publicKey_rp
| Name | Path | Type | Description |
|---|---|---|---|
|
Icon
|
icon | string |
A serialized URL which resolves to an image associated with the entity. For example, this could be a user's avatar or a relying party's logo. This URL MUST be an a priori authenticated URL. Authenticators MUST accept and store a 128-byte minimum length for an icon member's value. Authenticators MAY ignore an icon member's value if its length is greater than 128 bytes. The URL's scheme MAY be "data" to avoid fetches of the URL, at the cost of needing more storage. Deprecated: this has been removed from the specification recommendations. |
|
ID
|
id | string |
A unique identifier for the relying party entity, which sets the RP ID. |
|
Name
|
name | string |
A human-palatable name for the entity. Its function depends on what the PublicKeyCredentialEntity represents: When inherited by PublicKeyCredentialRpEntity it is a human-palatable identifier for the relying party, intended only for display. For example, "ACME Corporation", "Wonderful Widgets, Inc." or "ОАО Примертех". When inherited by PublicKeyCredentialUserEntity, it is a human-palatable identifier for a user account. It is intended only for display, i.e., aiding the user in determining the difference between user accounts with similar displayNames. For example, "alexm", "alex.p.mueller@example.com" or "+14255551234". |
CredentialCreation_publicKey_user
| Name | Path | Type | Description |
|---|---|---|---|
|
Display Name
|
displayName | string |
A human-palatable name for the user account, intended only for display. The relying party SHOULD let the user choose this, and SHOULD NOT restrict the choice more than necessary. |
|
Icon
|
icon | string |
A serialized URL which resolves to an image associated with the entity. For example, this could be a user's avatar or a relying party's logo. This URL MUST be an a priori authenticated URL. Authenticators MUST accept and store a 128-byte minimum length for an icon member's value. Authenticators MAY ignore an icon member's value if its length is greater than 128 bytes. The URL's scheme MAY be "data" to avoid fetches of the URL, at the cost of needing more storage. Deprecated: this has been removed from the specification recommendations. |
|
ID
|
id | object |
The user handle of the user account entity. To ensure secure operation, authentication and authorization decisions MUST be made on the basis of this id member, not the displayName nor name members. See Section 6.1 of RFC8266. |
|
Name
|
name | string |
A human-palatable name for the entity. Its function depends on what the PublicKeyCredentialEntity represents: When inherited by PublicKeyCredentialRpEntity it is a human-palatable identifier for the relying party, intended only for display. For example, "ACME Corporation", "Wonderful Widgets, Inc." or "ОАО Примертех". When inherited by PublicKeyCredentialUserEntity, it is a human-palatable identifier for a user account. It is intended only for display, i.e., aiding the user in determining the difference between user accounts with similar displayNames. For example, "alexm", "alex.p.mueller@example.com" or "+14255551234". |
CredentialCreation_publicKey
| Name | Path | Type | Description |
|---|---|---|---|
|
Attestation
|
attestation | string |
The attestation. |
|
authenticatorSelection
|
authenticatorSelection | CredentialCreation_publicKey_authenticatorSelection | |
|
Challenge
|
challenge | string |
The challege. |
|
Excluded Credentials
|
excludeCredentials | array of CredentialCreation_publicKey_excludeCredentials | |
|
Public Key Cred Params
|
pubKeyCredParams | array of CredentialCreation_publicKey_pubKeyCredParams | |
|
rp
|
rp | CredentialCreation_publicKey_rp | |
|
Timeout
|
timeout | integer |
The timeout. |
|
user
|
user | CredentialCreation_publicKey_user |