Session management can have a huge impact on user experience and customer retention. Imagine if you had to re-authenticate to your most commonly used apps every few minutes! That's where refresh tokens come in. Passage now supports a hybrid session management solution that provides the low latency of stateless JWT-based sessions with the revocation capabilities of stateful sessions. For added security, we've also added refresh token rotation and automatic detection of compromised tokens. This means improved security and user experience for all applications, especially apps that require long-lived sessions (e.g., mobile apps and PWAs).
You can enable refresh tokens in the Passage Console. Read our full guide to learn about session management best practices and our recommendations for your app.
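To make the hybrid model concrete, here is an added sketch of refresh token rotation with reuse detection; it is not Passage's code. It assumes that "detection of compromised tokens" means catching the replay of an already-rotated refresh token, uses an HMAC-signed string as a stand-in for the JWT access token, and all names (`SessionStore`, `refresh`, `verify_access`) are hypothetical.

```python
import hashlib, hmac, secrets, time

ACCESS_KEY = secrets.token_bytes(32)  # constructed signing key for this demo
ACCESS_TTL = 300                      # assumed access-token lifetime in seconds

class TokenReuse(Exception):
    """An already-rotated refresh token was presented again."""

def _h(token):
    # Store only a hash so a leaked table does not yield usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

def access_token(user, now=None):
    # Stateless half: checked by signature and expiry, no store lookup.
    body = f"{user}.{int(now or time.time()) + ACCESS_TTL}"
    sig = hmac.new(ACCESS_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"

def verify_access(token, now=None):
    body, _, sig = token.rpartition(".")
    good = hmac.new(ACCESS_KEY, body.encode(), hashlib.sha256).hexdigest()
    ok = hmac.compare_digest(sig.encode(), good.encode())
    return ok and int(body.rpartition(".")[2]) > (now or time.time())

class SessionStore:
    def __init__(self):
        self.tokens = {}      # token hash -> {"family", "user", "used"}
        self.revoked = set()  # revoked token families

    def _issue(self, user, family):
        token = secrets.token_urlsafe(32)
        self.tokens[_h(token)] = {"family": family, "user": user, "used": False}
        return token

    def login(self, user):
        # Each login starts a new token family.
        return self._issue(user, secrets.token_hex(8))

    def refresh(self, token):
        rec = self.tokens.get(_h(token))
        if rec is None or rec["family"] in self.revoked:
            raise PermissionError("unknown or revoked refresh token")
        if rec["used"]:
            # Replay of a rotated token: the store cannot tell client from
            # thief, so the whole family is revoked and a new login is needed.
            self.revoked.add(rec["family"])
            raise TokenReuse(rec["user"])
        rec["used"] = True
        return access_token(rec["user"]), self._issue(rec["user"], rec["family"])
```

Access tokens already issued stay valid until they expire, which is why the stateless half is kept short-lived while revocation is enforced at refresh time.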
We’ve released a migration guide along with an improved user import experience to make it even easier to switch to passwordless. Read our guide to learn how to migrate from your current authentication solution to Passage (spoiler alert: it's easy!), including options to use Passage as the source of truth for your users or to keep most user data in your own users table.
For apps that support phone numbers as identifiers, you can now configure Passage to use your own Twilio account and phone numbers. This provides great continuity for your users by sending login text messages through the same phone numbers you use for other user communication.