| description |
|---|
Use Passkeys with any backend |
import { Tab, Tabs } from 'nextra-theme-docs';
We'll guide you through setting up two endpoints to handle passkey registration and validation requests. The frontend library creates these requests from a logged-in user. We'll be using the keyri-auth-core library for authentication.
First, set up an endpoint to handle the passkey registration request.
<Tabs items={['Node.js', 'PHP']}>
// Import the keyri-auth-core library and required keys
import * as KeyriAuthCore from "keyri-auth-core";
import { publicSignatureKey, privateSignatureKey } from "./keys.mjs";
const { passkeyRegister } = KeyriAuthCore.default.ApplessServer;
const HOST = "example.com";
// Verify the user's ID (replace IDP.getUserData with your identity provider's
method) const user = await IDP.getUserData(request.body);
// Create the passkey registration handler export async function
passkey_registration(req, res, nxt) { try { const response = await
passkeyRegister( publicSignatureKey, privateSignatureKey, req.body, HOST,
user.userId, user.userName, user.metaData );
res.status(200).send(response);
} catch (error) { console.error(error); res.status(400).send({ message: "Passkey
registration failed" }); } }$HOST = "example.com";
// This function simulates fetching user data (replace getUserData() with your identity provider's method) function getUserData($requestBody) { // Simulated code for fetching user data // $userData = ... return $userData; }
function passkey_registration($requestBody) { try { // Assuming getUserData and passkeyRegister are defined $user = getUserData($requestBody); $userId = $user['userId']; $userName = $user['userName']; $metaData = $user['metaData'];
// Assuming that passkeyRegister is implemented in PHP
$response = passkeyRegister($publicSignatureKey, $privateSignatureKey, $requestBody, $HOST, $userId, $userName, $metaData);
http_response_code(200);
echo json_encode($response);
} catch (Exception $e) {
error_log($e);
http_response_code(400);
echo json_encode(["message" => "Passkey registration failed"]);
}
}
// Assume $requestBody is obtained from the client $requestBody = json_decode(file_get_contents('php://input'), true);
// Run the function passkey_registration($requestBody);
?>
</Tab>
</Tabs>
## Passkey Validation
Next, set up an endpoint to handle the passkey validation request.
<Tabs items={['Node.js', 'PHP']}>
<Tab>
```javascript
// Import the keyri-auth-core library and required keys
import * as KeyriAuthCore from "keyri-auth-core";
import { publicSignatureKey, apiPublicKey } from "./keys.mjs";
const { passkeyLogin } = KeyriAuthCore.default.ApplessServer;
// Create the passkey validation handler export async function
passkey_validation(req, res, nxt) { try { const response = await
passkeyLogin(apiPublicKey, req.body, publicSignatureKey); res.status(200).send({
message: "You are authorized to log in" }); } catch (error) {
console.error(error); res.status(400).send({ message: "Passkey validation
failed" }); } }
function passkey_validation($requestBody) { try { // Assuming that passkeyLogin is implemented in PHP $response = passkeyLogin($apiPublicKey, $requestBody, $publicSignatureKey);
http_response_code(200);
echo json_encode(["message" => "You are authorized to log in"]);
} catch (Exception $e) {
error_log($e);
http_response_code(400);
echo json_encode(["message" => "Passkey validation failed"]);
}
}
// Assume $requestBody is obtained from the client $requestBody = json_decode(file_get_contents('php://input'), true);
// Run the function passkey_validation($requestBody);
?>
</Tab>
</Tabs>
## Managing Keys
In this example, we're importing keys from an mjs file. For better security in a
production environment, store these keys as environment variables.
To obtain your application's keys, visit app.keyri.com > Setup & Credentials >
Generate Fraud API Encryption Keys.