Share via


Passage by 1Password - Auth (Independent Publisher) (Preview)

Passage is backed by 1Password's 17+ years of industry-leading security expertise. Completely replace your existing authentication flow or build from scratch with a robust solution for passwordless authentication and customer identity management. Realize the full security, business, and user experience benefits of eliminating passwords by implementing login flows powered by passkeys, magic links, and login codes.

This connector is available in the following products and regions:

Service Class Regions
Logic Apps Standard All Logic Apps regions except the following:
     -   Azure Government regions
     -   Azure China regions
     -   US Department of Defense (DoD)
Power Automate Premium All Power Automate regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
     -   US Department of Defense (DoD)
Power Apps Premium All Power Apps regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
     -   US Department of Defense (DoD)
Contact
Name Troy Taylor
URL https://www.hitachisolutions.com
Email ttaylor@hitachisolutions.com
Connector Metadata
Publisher Troy Taylor
Website https://passage.1password.com/
Privacy policy https://storage.googleapis.com/passage-docs/passage-privacy-policy.pdf
Categories Security

Creating a connection

The connector supports the following authentication types:

Default Parameters for creating connection. All regions Not shareable

Default

Applicable: All regions

Parameters for creating connection.

This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.

Name Type Description Required
API Key (in the form 'Bearer YOUR_API_KEY') securestring The API Key (in the form 'Bearer YOUR_API_KEY') for this api True

Throttling Limits

Name Calls Renewal Period
API calls per connection 100 60 seconds

Actions

Authenticate magic link

Authenticates a magic link for a user. This endpoint checks that the magic link is valid, then returns an authentication token for the user.

Authenticate OTP

Authenticates a one-time passcode for a user. This endpoint checks that the one-time passcode is valid, then returns an authentication token for the user.

Change email

Initiate an email change for the authenticated user. An email change requires verification, so an email will be sent to the user which they must verify before the email change takes effect.

Change Phone

Initiate a phone number change for the authenticated user. A phone number change requires verification, so an SMS with a link will be sent to the user which they must verify before the phone number change takes effect.

Create new auth and refresh token

Creates and returns a new auth token and a new refresh token.

Create user

Create a user.

Delete social connection

Deletes a social connection for the current user. User must be authenticated via a bearer token.

Exchange OAuth2 for auth token

Exchanges OAuth2 connection data for an auth token.

Finish WebAuthn add device

Completes a WebAuthn add device operation for the current user. User must be authenticated via a bearer token.

Finish WebAuthn login

Completes a WebAuthn login and authenticate the user.

Finish WebAuthn registration

Completes a WebAuthn registration and authenticate the user.

Get app

Retrieve information about an application.

Get current user

Retrieve information about a user that is currently authenticated via bearer token.

Get JWKS

Retrieve JWKS for an app. KIDs in the JWT can be used to match the appropriate JWK, and use the JWK's public key to verify the JWT.

Get OpenID configuration

Retrieve OpenID configuration for an app.

Get social connections

Gets social connections for the current user. User must be authenticated via a bearer token.

Get user

Retrieve user information, if the user exists. This endpoint can be used to determine whether a user has an existing account and if they should login or register.

Get user's metadata

Retrieve the user-metadata for the current user.

Handle OAuth2 callback

Handles an OAuth2 flow callback.

Link an account to a connection

Links an existing account to an OAuth2 connection.

List devices

Retrieve a list of all WebAuthn devices for the authenticated user. User must be authenticated via bearer token.

Login with magic link

Send a login email or SMS to the user. The user will receive an email or text with a link to complete their login.

Login with OTP

Send a login email or SMS to the user. The user will receive an email or text with a one-time passcode to complete their login.

Magic link status

Check if a magic link has been activated yet or not. Once the magic link has been activated, this endpoint will return an authentication token for the user. This endpoint can be used to initiate a login on one device and then poll and wait for the login to complete on another device.

Register with magic link

Create a user and send an registration email or SMS to the user. The user will receive an email or text with a link to complete their registration.

Register with OTP

Create a user and send a registration email or SMS to the user. The user will receive an email or text with a one-time passcode to complete their registration.

Revoke device

Revoke a device by ID for the current user. User must be authenticated via a bearer token.

Revoke refresh token

Revokes the refresh token.

Start OAuth2 flow

Kicks off an OAuth2 flow with connection provider request params described in https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest

Start WebAuthn add device

Initiate a WebAuthn add device operation for the current user. This endpoint creates a WebAuthn credential creation challenge that is used to perform the registration ceremony from the browser. User must be authenticated via a bearer token.

Start WebAuthn login

Initiate a WebAuthn login for a user. This endpoint creates a WebAuthn credential assertion challenge that is used to perform the login ceremony from the browser.

Start WebAuthn registration

Initiate a WebAuthn registration and create the user. This endpoint creates a WebAuthn credential creation challenge that is used to perform the registration ceremony from the browser.

Update device

Updates a device by ID for the current user. Currently the only field that can be updated is the friendly name. User must be authenticated via a bearer token.

Update user's metadata

Updates the metadata for the current user. Only valid metadata fields are accepted. Invalid metadata fields that are present will abort the update. User must be authenticated via a bearer token.

Authenticates a magic link for a user. This endpoint checks that the magic link is valid, then returns an authentication token for the user.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

Magic Link
magic_link True string

The magic link.

Returns

Authenticate OTP

Authenticates a one-time passcode for a user. This endpoint checks that the one-time passcode is valid, then returns an authentication token for the user.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

OTP
otp True string

The one-time passcode.

OTP ID
otp_id True string

The ID of the one-time passcode.

Returns

Change email

Initiate an email change for the authenticated user. An email change requires verification, so an email will be sent to the user which they must verify before the email change takes effect.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

Language
language string

The language of the email to send (optional).

Magic Link Path
magic_link_path string

The magic link path.

New Email
new_email True string

The new email.

Redirect URL
redirect_url string

The redirect URL address.

Returns

Change Phone

Initiate a phone number change for the authenticated user. A phone number change requires verification, so an SMS with a link will be sent to the user which they must verify before the phone number change takes effect.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

Language
language string

Language of the email to send (optional).

Magic Link Path
magic_link_path string

The magic link path.

New Phone
new_phone string

The new phone number.

Redirect URL
redirect_url string

The redirect URL address.

Returns

Create new auth and refresh token

Creates and returns a new auth token and a new refresh token.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

Refresh Token
refresh_token True string

The refresh token.

Returns

Create user

Create a user.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

ID
identifier True string

The identifier.

Returns

Delete social connection

Deletes a social connection for the current user. User must be authenticated via a bearer token.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

Social Connection Type
social_connection_type True string

The type of social connection.

Exchange OAuth2 for auth token

Exchanges OAuth2 connection data for an auth token.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

OAuth2 Code
code True string

The code given from the OAuth2 redirect.

Verifier
verifier True string

The verifier the client originally sent to the OAuth2 provider.

Returns

Finish WebAuthn add device

Completes a WebAuthn add device operation for the current user. User must be authenticated via a bearer token.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

Handshake ID
handshake_id True string

The handshake identifier.

Authenticator Attachment
authenticatorAttachment string

The authenticator attachment.

ID
id string

The credential's identifier. The requirements for the identifier are distinct for each type of credential. It might represent a username for username/password tuples, for example.

Raw ID
rawId string

The raw identifier.

Attestation Object
attestationObject string

Attestation object is the byte slice version of attestationObject. This attribute contains an attestation object, which is opaque to, and cryptographically protected against tampering by, the client. The attestation object contains both authenticator data and an attestation statement. The former contains the AAGUID, a unique credential ID, and the credential public key. The contents of the attestation statement are determined by the attestation statement format used by the authenticator. It also contains any additional information that the relying party's server requires to validate the attestation statement, as well as to decode and validate the authenticator data along with the JSON-serialized client data.

Client Data JSON
clientDataJSON string

This attribute contains a JSON serialization of the client data passed to the authenticator by the client in its call to either create() or get().

Transports
transports array of string

The transports.

Transports
transports array of string

The transports.

Type
type string

The value of the object's interface object's [[type]] slot, which specifies the credential type represented by this object. This should be type "public-key" for Webauthn credentials.

User ID
user_id True string

The user identifier.

Returns

Finish WebAuthn login

Completes a WebAuthn login and authenticate the user.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

Handshake ID
handshake_id True string

The handshake identifier.

Authenticator Attachment
authenticatorAttachment string

The authenticator attachment.

ID
id string

The credential's identifier. The requirements for the identifier are distinct for each type of credential. It might represent a username for username/password tuples, for example.

Raw ID
rawId string

The raw identifier.

Authenticator Data
authenticatorData string

The authenticator data.

Client Data JSON
clientDataJSON string

This attribute contains a JSON serialization of the client data passed to the authenticator by the client in its call to either create() or get().

Signature
signature string

The signature.

User
userHandle string

The user handle.

Type
type string

The value of the object's interface object's [[type]] slot, which specifies the credential type represented by this object. This should be type "public-key" for Webauthn credentials.

User ID
user_id string

The user identifier.

Returns

Finish WebAuthn registration

Completes a WebAuthn registration and authenticate the user.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

Handshake ID
handshake_id True string

The handshake identifier.

Authenticator Attachment
authenticatorAttachment string

The authenticator attachment.

ID
id string

The credential's identifier. The requirements for the identifier are distinct for each type of credential. It might represent a username for username/password tuples, for example.

Raw ID
rawId string

The raw identifier.

Attestation Object
attestationObject string

Attestation object is the byte slice version of attestationObject. This attribute contains an attestation object, which is opaque to, and cryptographically protected against tampering by, the client. The attestation object contains both authenticator data and an attestation statement. The former contains the AAGUID, a unique credential ID, and the credential public key. The contents of the attestation statement are determined by the attestation statement format used by the authenticator. It also contains any additional information that the relying party's server requires to validate the attestation statement, as well as to decode and validate the authenticator data along with the JSON-serialized client data.

Client Data JSON
clientDataJSON string

This attribute contains a JSON serialization of the client data passed to the authenticator by the client in its call to either create() or get().

Transports
transports array of string

The transports.

Transports
transports array of string

The transports.

Type
type string

The value of the object's interface object's [[type]] slot, which specifies the credential type represented by this object. This should be type "public-key" for Webauthn credentials.

User ID
user_id True string

The user identifier.

Returns

Get app

Retrieve information about an application.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

Returns

Get current user

Retrieve information about a user that is currently authenticated via bearer token.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

Returns

Get JWKS

Retrieve JWKS for an app. KIDs in the JWT can be used to match the appropriate JWK, and use the JWK's public key to verify the JWT.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

Returns

Get OpenID configuration

Retrieve OpenID configuration for an app.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

Returns

Get social connections

Gets social connections for the current user. User must be authenticated via a bearer token.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

Returns

Get user

Retrieve user information, if the user exists. This endpoint can be used to determine whether a user has an existing account and if they should login or register.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

Email or Phone
identifier True string

Email or phone number.

Returns

Get user's metadata

Retrieve the user-metadata for the current user.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

Returns

Handle OAuth2 callback

Handles an OAuth2 flow callback.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

OAuth2 Code
code True string

The authorization code returned by the OAuth2 provider.

State
state string

The state returned by the OAuth2 provider.

Error
error string

The error returned by the OAuth2 provider.

Error
error_description string

The error description returned by the OAuth2 provider.

Returns

Links an existing account to an OAuth2 connection.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

OAuth2 Code
code True string

The code given from the OAuth2 redirect.

Verifier
verifier True string

The verifier the client originally sent to the OAuth2 provider.

List devices

Retrieve a list of all WebAuthn devices for the authenticated user. User must be authenticated via bearer token.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

Returns

Send a login email or SMS to the user. The user will receive an email or text with a link to complete their login.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

ID
identifier True string

Valid email or E164 phone number.

Language
language string

Language of the email or SMS to send (optional).

Magic Link Path
magic_link_path string

Path relative to the app's auth_origin (optional).

Returns

Login with OTP

Send a login email or SMS to the user. The user will receive an email or text with a one-time passcode to complete their login.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

ID
identifier True string

Valid email or E164 phone number.

Language
language string

Language of the email to send (optional).

Returns

Check if a magic link has been activated yet or not. Once the magic link has been activated, this endpoint will return an authentication token for the user. This endpoint can be used to initiate a login on one device and then poll and wait for the login to complete on another device.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

ID
id True string

The identifier.

Returns

Create a user and send an registration email or SMS to the user. The user will receive an email or text with a link to complete their registration.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

ID
identifier True string

Valid email or E164 phone number.

Language
language string

Language of the email or SMS to send (optional).

Magic Link Path
magic_link_path string

Path relative to the app's auth_origin (optional).

Returns

Register with OTP

Create a user and send a registration email or SMS to the user. The user will receive an email or text with a one-time passcode to complete their registration.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

ID
identifier True string

Valid email or E164 phone number.

Language
language string

Language of the email to send (optional).

Returns

Revoke device

Revoke a device by ID for the current user. User must be authenticated via a bearer token.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

Device ID
device_id True string

Device ID.

Revoke refresh token

Revokes the refresh token.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

Refresh Token
refresh_token True string

Refresh token.

Start OAuth2 flow

Kicks off an OAuth2 flow with connection provider request params described in https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

Redirect URI
redirect_uri True string

The URL to redirect to after the OAuth2 flow is complete.

State
state string

The state to pass through to the redirect URI.

Code Challenge
code_challenge True string

Code challenge.

Code Challenge Method
code_challenge_method True string

Code challenge method.

Connection Type
connection_type True string

Connection type; google, github, apple, or passage to login with.

Returns

Start WebAuthn add device

Initiate a WebAuthn add device operation for the current user. This endpoint creates a WebAuthn credential creation challenge that is used to perform the registration ceremony from the browser. User must be authenticated via a bearer token.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

Authenticator Attachment
authenticator_attachment string

Selects the type of authentication that will be used in this WebAuthN flow request.

Returns

Start WebAuthn login

Initiate a WebAuthn login for a user. This endpoint creates a WebAuthn credential assertion challenge that is used to perform the login ceremony from the browser.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

ID
identifier string

Valid email or E164 phone number.

Returns

Start WebAuthn registration

Initiate a WebAuthn registration and create the user. This endpoint creates a WebAuthn credential creation challenge that is used to perform the registration ceremony from the browser.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

ID
identifier True string

Valid email or E164 phone number.

Authenticator Attachment
authenticator_attachment string

Selects the type of authentication that will be used in this WebAuthN flow request.

Returns

Update device

Updates a device by ID for the current user. Currently the only field that can be updated is the friendly name. User must be authenticated via a bearer token.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

Device ID
device_id True string

Device ID.

Friendly Name
friendly_name True string

The friendly name.

Returns

Update user's metadata

Updates the metadata for the current user. Only valid metadata fields are accepted. Invalid metadata fields that are present will abort the update. User must be authenticated via a bearer token.

Parameters

Name Key Required Type Description
App ID
app_id True string

App ID.

Returns

Definitions

GetAppResponse

Name Path Type Description
app
app App

LayoutConfig

Name Path Type Description
H
h integer

The H value.

ID
id string

The identifier.

W
w integer

The W value.

X
x integer

The X value.

Y
y integer

The Y value.

Layouts

Name Path Type Description
Profile
profile array of LayoutConfig
Registration
registration array of LayoutConfig

UserMetadataField

Name Path Type Description
Field Name
field_name string

The field name.

Friendly Name
friendly_name string

The friendly name.

ID
id string

The identifier.

Profile
profile boolean

Whether profile.

Registration
registration boolean

Whether registration.

Type
type string

The type.

App

Name Path Type Description
Allowed ID
allowed_identifier string

The allowed identifier.

Auth Fallback Method
auth_fallback_method string

Deprecated Property. Please refer to auth_methods to view settings for individual authentication methods.

Auth Fallback Method TTL
auth_fallback_method_ttl integer

Deprecated Property. Please refer to auth_methods to view settings for individual authentication methods.

Auth Methods
auth_methods AuthMethods

Denotes what methods this app is allowed to use for authentication with configurations.

Auth Origin
auth_origin string

The auth origin.

Default Language
default_language string

The default language.

element_customization
element_customization ElementCustomization
element_customization_dark
element_customization_dark ElementCustomization
Ephemeral
ephemeral boolean

Whether ephemeral.

ID
id string

The identifier.

layouts
layouts Layouts
Login URL
login_url string

The login URL address.

Name
name string

The name.

Passage Branding
passage_branding boolean

Whether to use Passage branding.

Public Signup
public_signup boolean

Whether public signup.

Profile Management
profile_management boolean

Whether profile management.

Redirect URL
redirect_url string

The redirect URL address.

Email Verification
require_email_verification boolean

Whether to require email verification.

ID Verification
require_identifier_verification boolean

Whether to require identifier verification.

Required ID
required_identifier string

The required identifier.

RSA Public Key
rsa_public_key string

The RSA public key.

Session Timeout
session_timeout_length integer

The session timeout length.

social_connections
social_connections SocialConnections
User Metadata Schema
user_metadata_schema array of UserMetadataField

SocialConnections

Name Path Type Description
google
google SocialConnection
github
github SocialConnection

SocialConnection

Name Path Type Description
Client ID
client_id string

The client ID of the OAuth2 social connection.

ElementCustomization

Name Path Type Description
Passage Container Background Color
passage_container_background_color string

Container background color in hex. Default is #ffffff in light mode & #383838 in dark mode.

Passage Container Max Width
passage_container_max_width integer

Maximum width of container (px).

Passage Input Box Background Color
passage_input_box_background_color string

Input box background color in hex. Default is #ffffff in light mode & #4b4b4b in dark mode.

Passage Input Box Border Radius
passage_input_box_border_radius integer

Input box border radius (px).

Font
passage_header_font_family FontFamily

Body font family.

Font
passage_body_font_family FontFamily

Body font family.

Passage Header Text Color
passage_header_text_color string

Header text color in hex. Default is #222222 in light mode & #f3f3f3 in dark mode.

Passage Body Text Color
passage_body_text_color string

Body text color in hex. Default is #222222 in light mode & #f3f3f3 in dark mode.

Passage Primary Button Background Color
passage_primary_button_background_color string

Primary button background color (hex).

Passage Primary Button Text Color
passage_primary_button_text_color string

Primary button font color (hex).

Passage Primary Button Hover Color
passage_primary_button_hover_color string

Primary button background on hover (hex).

Passage Primary Button Border Radius
passage_primary_button_border_radius integer

Primary button border radius (px).

Passage Primary Button Border Color
passage_primary_button_border_color string

Primary button border color.

Passage Primary Button Border Width
passage_primary_button_border_width integer

Primary button border width (px).

Passage Secondary Button Background Color
passage_secondary_button_background_color string

Secondary button background color (hex).

Passage Secondary Secondary Buttn Text Color
passage_secondary_button_text_color string

Secondary button font color (hex).

Passage Secondary Button Backgroun on Hover
passage_secondary_button_hover_color string

Secondary button background on hover (hex).

Passage Secondary Button Border Radius
passage_secondary_button_border_radius integer

Secondary button border radius (px).

Passage Secondary Button Border Color
passage_secondary_button_border_color string

Secondary button border color.

Passage Secondary Button Border Width
passage_secondary_button_border_width integer

Secondary button border width (px).

FontFamily

Body font family.

Body font family.

Font
string

AuthMethods

Denotes what methods this app is allowed to use for authentication with configurations.

Name Path Type Description
Passkeys Auth Method
passkeys PasskeysAuthMethod

The passkeys auth method object.

otp
otp OtpAuthMethod
magic_link
magic_link MagicLinkAuthMethod

PasskeysAuthMethod

The passkeys auth method object.

Name Path Type Description
Passkeys Auth Method
object

The passkeys auth method object.

OtpAuthMethod

Name Path Type Description
TTL
ttl integer

Maximum time (IN SECONDS) for the auth to expire.

TTL Display Unit
ttl_display_unit TtlDisplayUnit

Deprecated Property. The preferred unit for displaying the TTL. This value is for display only. * s - seconds * m - minutes * h - hours * d - days .

MagicLinkAuthMethod

Name Path Type Description
TTL
ttl integer

Maximum time (IN SECONDS) for the auth to expire.

TTL Display Unit
ttl_display_unit TtlDisplayUnit

Deprecated Property. The preferred unit for displaying the TTL. This value is for display only. * s - seconds * m - minutes * h - hours * d - days .

TtlDisplayUnit

Deprecated Property. The preferred unit for displaying the TTL. This value is for display only. * s - seconds * m - minutes * h - hours * d - days .

Deprecated Property. The preferred unit for displaying the TTL. This value is for display only. * s - seconds * m - minutes * h - hours * d - days .

TTL Display Unit
string

JWKResponse

Name Path Type Description
JWK Response Keys
keys array of JWKResponse_keys

OpenIdConfiguration

Name Path Type Description
Authorization Endpoint
authorization_endpoint string

The authorization endpoint.

Issuer
issuer string

The issuer.

JWKs URI
jwks_uri string

The JWKs URI.

CurrentUserResponse

Name Path Type Description
user
user CurrentUser

Credential

Name Path Type Description
Created at
created_at string

The first time this webAuthn device was used to authenticate the user.

Cred ID
cred_id string

The Cred ID for this webAuthn device (encoded to match what is stored in psg_cred_obj).

Friendly Name
friendly_name string

The friendly name for the webAuthn device used to authenticate.

ID
id string

The ID of the webAuthn device used for authentication.

Last Login At
last_login_at string

The last time this webAuthn device was used to authenticate the user.

WebAuthn Type
type WebAuthnType

The type of this credential.

Updated At
updated_at string

The last time this webAuthn device was updated.

Usage Count
usage_count integer

How many times this webAuthn device has been used to authenticate the user.

User ID
user_id string

The userID for this webAuthn device.

icons
icons WebAuthnIcons

Contains the light and dark SVG icons that represent the brand of those devices Values can be null or base64 encoded SVG. Example of SVG output: data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIGVuYWJsZS1iYWNrZ3JvdW5kPSJuZXcgMCAwIDE5MiAxOTIiIGhlaWdodD0iMjRweCIgdmlld0JveD0iMCAwIDE5MiAxOTIiIHdpZHRoPSIyNHB4Ij48cmVjdCBmaWxsPSJub25lIiBoZWlnaHQ9IjE5MiIgd2lkdGg9IjE5MiIgeT0iMCIvPjxnPjxwYXRoIGQ9Ik02OS4yOSwxMDZjLTMuNDYsNS45Ny05LjkxLDEwLTE3LjI5LDEwYy0xMS4wMywwLTIwLTguOTctMjAtMjBzOC45Ny0yMCwyMC0yMCBjNy4zOCwwLDEzLjgzLDQuMDMsMTcuMjksMTBoMjUuNTVDOTAuMyw2Ni41NCw3Mi44Miw1Miw1Miw1MkMyNy43NCw1Miw4LDcxLjc0LDgsOTZzMTkuNzQsNDQsNDQsNDRjMjAuODIsMCwzOC4zLTE0LjU0LDQyLjg0LTM0IEg2OS4yOXoiIGZpbGw9IiM0Mjg1RjQiLz48cmVjdCBmaWxsPSIjRkJCQzA0IiBoZWlnaHQ9IjI0IiB3aWR0aD0iNDQiIHg9Ijk0IiB5PSI4NCIvPjxwYXRoIGQ9Ik05NC4zMiw4NEg2OHYwLjA1YzIuNSwzLjM0LDQsNy40Nyw0LDExLjk1cy0xLjUsOC42MS00LDExLjk1VjEwOGgyNi4zMiBjMS4wOC0zLjgyLDEuNjgtNy44NCwxLjY4LTEyUzk1LjQxLDg3LjgyLDk0LjMyLDg0eiIgZmlsbD0iI0VBNDMzNSIvPjxwYXRoIGQ9Ik0xODQsMTA2djI2aC0xNnYtOGMwLTQuNDItMy41OC04LTgtOHMtOCwzLjU4LTgsOHY4aC0xNnYtMjZIMTg0eiIgZmlsbD0iIzM0QTg1MyIvPjxyZWN0IGZpbGw9IiMxODgwMzgiIGhlaWdodD0iMjQiIHdpZHRoPSI0OCIgeD0iMTM2IiB5PSI4NCIvPjwvZz48L3N2Zz4=

CurrentUser

Name Path Type Description
Created At
created_at string

When this user was created.

Email
email string

The user's email.

Email Verified
email_verified boolean

Whether or not the user's email has been verified.

ID
id string

The user ID.

Last Login At
last_login_at string

The last time this user logged in.

Login Count
login_count integer

How many times the user has successfully logged in.

Phone
phone string

The user's phone.

Phone Verified
phone_verified boolean

Whether or not the user's phone has been verified.

social_connections
social_connections UserSocialConnections
User Status
status UserStatus

User status: active, inactive, pending.

Updated At
updated_at string

When this user was last updated.

WebAuthn
webauthn boolean

Whether or not the user has authenticated via webAuthn before (if len(WebAuthnDevices) > 0).

WebAuthn Devices
webauthn_devices array of Credential

The list of devices this user has authenticated with via webAuthn.

WebAuthn Types
webauthn_types array of WebAuthnType

Retrieve a list of credential types that the user has created.

CurrentUserDevices

Name Path Type Description
Devices
devices array of Credential

CurrentUserDevice

Name Path Type Description
device
device Credential

AddDeviceStartResponse

Name Path Type Description
handshake
handshake CredentialCreationChallenge
user
user User

MagicLinkResponse

Name Path Type Description
magic_link
magic_link MagicLink
Name Path Type Description
ID
id string

The magic link identifier.

UserMetadataResponse

LoginMagicLinkResponse

Name Path Type Description
magic_link
magic_link MagicLink

RegisterMagicLinkResponse

Name Path Type Description
magic_link
magic_link MagicLink

UserResponse

Name Path Type Description
user
user User

LoginWebAuthnStartResponse

Name Path Type Description
handshake
handshake CredentialAssertionChallenge
user
user User

CredentialAssertionChallenge

Name Path Type Description
challenge
challenge protocol.CredentialAssertion
ID
id string

The identifier.

protocol.CredentialAssertion

Name Path Type Description
publicKey
publicKey protocol.CredentialAssertion_publicKey

WebAuthnIcons

Contains the light and dark SVG icons that represent the brand of those devices Values can be null or base64 encoded SVG. Example of SVG output: data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIGVuYWJsZS1iYWNrZ3JvdW5kPSJuZXcgMCAwIDE5MiAxOTIiIGhlaWdodD0iMjRweCIgdmlld0JveD0iMCAwIDE5MiAxOTIiIHdpZHRoPSIyNHB4Ij48cmVjdCBmaWxsPSJub25lIiBoZWlnaHQ9IjE5MiIgd2lkdGg9IjE5MiIgeT0iMCIvPjxnPjxwYXRoIGQ9Ik02OS4yOSwxMDZjLTMuNDYsNS45Ny05LjkxLDEwLTE3LjI5LDEwYy0xMS4wMywwLTIwLTguOTctMjAtMjBzOC45Ny0yMCwyMC0yMCBjNy4zOCwwLDEzLjgzLDQuMDMsMTcuMjksMTBoMjUuNTVDOTAuMyw2Ni41NCw3Mi44Miw1Miw1Miw1MkMyNy43NCw1Miw4LDcxLjc0LDgsOTZzMTkuNzQsNDQsNDQsNDRjMjAuODIsMCwzOC4zLTE0LjU0LDQyLjg0LTM0IEg2OS4yOXoiIGZpbGw9IiM0Mjg1RjQiLz48cmVjdCBmaWxsPSIjRkJCQzA0IiBoZWlnaHQ9IjI0IiB3aWR0aD0iNDQiIHg9Ijk0IiB5PSI4NCIvPjxwYXRoIGQ9Ik05NC4zMiw4NEg2OHYwLjA1YzIuNSwzLjM0LDQsNy40Nyw0LDExLjk1cy0xLjUsOC42MS00LDExLjk1VjEwOGgyNi4zMiBjMS4wOC0zLjgyLDEuNjgtNy44NCwxLjY4LTEyUzk1LjQxLDg3LjgyLDk0LjMyLDg0eiIgZmlsbD0iI0VBNDMzNSIvPjxwYXRoIGQ9Ik0xODQsMTA2djI2aC0xNnYtOGMwLTQuNDItMy41OC04LTgtOHMtOCwzLjU4LTgsOHY4aC0xNnYtMjZIMTg0eiIgZmlsbD0iIzM0QTg1MyIvPjxyZWN0IGZpbGw9IiMxODgwMzgiIGhlaWdodD0iMjQiIHdpZHRoPSI0OCIgeD0iMTM2IiB5PSI4NCIvPjwvZz48L3N2Zz4=

Name Path Type Description
Light Icon
light string

The light icon.

Dark Icon
dark string

The dark icon.

OneTimePasscodeResponse

Name Path Type Description
OTP ID
otp_id string

The ID of the one-time passcode. Provide it when activating.

RegisterWebAuthnStartResponse

Name Path Type Description
handshake
handshake CredentialCreationChallenge
user
user User

SocialConnectionsResponse

Name Path Type Description
social_connections
social_connections UserSocialConnections

GoogleSocialConnection

Name Path Type Description
Provider ID
provider_id string

The external ID of the social connection.

Created At
created_at date-time

When created at.

Last Login At
last_login_at date-time

The last login at.

Provider ID
provider_identifier string

The email of connected social user.

GithubSocialConnection

Name Path Type Description
Provider ID
provider_id string

The external ID of the social connection.

Created At
created_at date-time

When created at.

Last Login At
last_login_at date-time

The last login at.

Provider ID
provider_identifier string

The email of connected social user.

UserSocialConnections

Name Path Type Description
google
google GoogleSocialConnection
github
github GithubSocialConnection

UserStatus

User status: active, inactive, pending.

User status: active, inactive, pending.

User Status
string

WebAuthnType

The type of this credential.

The type of this credential.

WebAuthn Type
string

CredentialCreation

Name Path Type Description
publicKey
publicKey CredentialCreation_publicKey

CredentialCreationChallenge

Name Path Type Description
challenge
challenge CredentialCreation
ID
id string

The identifier.

User

Name Path Type Description
Email
email string

The email address.

Email Verified
email_verified boolean

Whether or not the user's email has been verified.

ID
id string

The identifier.

Phone
phone string

The phone number.

Phone Verified
phone_verified boolean

Whether or not the user's phone has been verified.

User Status
status UserStatus

User status: active, inactive, pending.

WebAuthn Verified
webauthn boolean

Whether WebAuthn is verified.

WebAuthn Types
webauthn_types array of WebAuthnType

AuthResult

Name Path Type Description
Auth Token
auth_token string

The auth token.

Redirect URL
redirect_url string

The redirect URL address.

Refresh Token
refresh_token string

The refresh token.

Refresh Token Expiration
refresh_token_expiration integer

The refresh token expiration.

AuthResponse

Name Path Type Description
auth_result
auth_result AuthResult

JWKResponse_keys

Name Path Type Description
Algorithm
alg string

The algorithm for the key.

Exponent
e string

The exponent for the standard pem.

Key ID
kid string

The unique identifier for the key.

Key Type
kty string

The key type (https://datatracker.ietf.org/doc/html/rfc7518)

Modulus
n string

The modulus for a standard pem.

Use
use string

How the key is meant to be used (i.e. 'sig' represents signature)

protocol.CredentialAssertion_publicKey

Name Path Type Description
Challenge
challenge string

The challenge.

RP ID
rpId string

The RP identifier.

Timeout
timeout integer

The timeout.

User Verification
userVerification string

This member describes the relying party's requirements regarding user verification for the create() operation. Eligible authenticators are filtered to only those capable of satisfying this requirement.

CredentialCreation_publicKey_authenticatorSelection

Name Path Type Description
Authenticator Attachment
authenticatorAttachment string

If this member is present, eligible authenticators are filtered to only authenticators attached with the specified AuthenticatorAttachment enum.

Require Resident Key
requireResidentKey boolean

This member describes the relying party's requirements regarding resident credentials. If the parameter is set to true, the authenticator MUST create a client-side-resident public key credential source when creating a public key credential.

Resident Key
residentKey string

This member describes the relying party's requirements regarding resident credentials per Webauthn Level 2.

User Verification
userVerification string

This member describes the relying party's requirements regarding user verification for the create() operation. Eligible authenticators are filtered to only those capable of satisfying this requirement.

CredentialCreation_publicKey_excludeCredentials

Name Path Type Description
ID
id string

The ID of a credential to allow/disallow.

Transports
transports array of string

The authenticator transports that can be used.

Type
type string

The valid credential types.

CredentialCreation_publicKey_pubKeyCredParams

Name Path Type Description
Algorithm
alg integer

The algorithm.

Type
type string

The type.

CredentialCreation_publicKey_rp

Name Path Type Description
Icon
icon string

A serialized URL which resolves to an image associated with the entity. For example, this could be a user's avatar or a relying party's logo. This URL MUST be an a priori authenticated URL. Authenticators MUST accept and store a 128-byte minimum length for an icon member's value. Authenticators MAY ignore an icon member's value if its length is greater than 128 bytes. The URL's scheme MAY be "data" to avoid fetches of the URL, at the cost of needing more storage. Deprecated: this has been removed from the specification recommendations.

ID
id string

A unique identifier for the relying party entity, which sets the RP ID.

Name
name string

A human-palatable name for the entity. Its function depends on what the PublicKeyCredentialEntity represents: When inherited by PublicKeyCredentialRpEntity it is a human-palatable identifier for the relying party, intended only for display. For example, "ACME Corporation", "Wonderful Widgets, Inc." or "ОАО Примертех". When inherited by PublicKeyCredentialUserEntity, it is a human-palatable identifier for a user account. It is intended only for display, i.e., aiding the user in determining the difference between user accounts with similar displayNames. For example, "alexm", "alex.p.mueller@example.com" or "+14255551234".

CredentialCreation_publicKey_user

Name Path Type Description
Display Name
displayName string

A human-palatable name for the user account, intended only for display. The relying party SHOULD let the user choose this, and SHOULD NOT restrict the choice more than necessary.

Icon
icon string

A serialized URL which resolves to an image associated with the entity. For example, this could be a user's avatar or a relying party's logo. This URL MUST be an a priori authenticated URL. Authenticators MUST accept and store a 128-byte minimum length for an icon member's value. Authenticators MAY ignore an icon member's value if its length is greater than 128 bytes. The URL's scheme MAY be "data" to avoid fetches of the URL, at the cost of needing more storage. Deprecated: this has been removed from the specification recommendations.

ID
id object

The user handle of the user account entity. To ensure secure operation, authentication and authorization decisions MUST be made on the basis of this id member, not the displayName nor name members. See Section 6.1 of RFC8266.

Name
name string

A human-palatable name for the entity. Its function depends on what the PublicKeyCredentialEntity represents: When inherited by PublicKeyCredentialRpEntity it is a human-palatable identifier for the relying party, intended only for display. For example, "ACME Corporation", "Wonderful Widgets, Inc." or "ОАО Примертех". When inherited by PublicKeyCredentialUserEntity, it is a human-palatable identifier for a user account. It is intended only for display, i.e., aiding the user in determining the difference between user accounts with similar displayNames. For example, "alexm", "alex.p.mueller@example.com" or "+14255551234".

CredentialCreation_publicKey

Name Path Type Description
Attestation
attestation string

The attestation.

authenticatorSelection
authenticatorSelection CredentialCreation_publicKey_authenticatorSelection
Challenge
challenge string

The challege.

Excluded Credentials
excludeCredentials array of CredentialCreation_publicKey_excludeCredentials
Public Key Cred Params
pubKeyCredParams array of CredentialCreation_publicKey_pubKeyCredParams
rp
rp CredentialCreation_publicKey_rp
Timeout
timeout integer

The timeout.

user
user CredentialCreation_publicKey_user