Developer guide

Seamlessly Implement Passkey Auth with Cognito, Firebase, Auth0 and other IdPs

Micah N.
August 16, 2023

Passkeys are the future of authentication. They level up security and provide a streamlined sign-in experience that doesn't involve remembering or typing passwords. But passkeys are still nascent, and many identity providers do not provide a robust way to support them by default.

You shouldn’t have to choose between your existing Identity Provider (IdP) and offering the best authentication experience for your users. That’s why we’re thrilled to announce that Passage now offers an OIDC-compliant hosted login page that integrates seamlessly with most major identity providers including Amazon Cognito, Auth0 by Okta, and Google Firebase.

This means that instead of embedding passwordless login flows directly in your app, you can now redirect users to the Passage login page to handle authentication. Once verified, users are redirected back to your application.

Not only does this enable users to sign in once via the hosted page to access all of your apps and websites across domains, but it also means you can continue using your primary identity store. Plus, it makes it incredibly easy to support passwordless sign-in without any application-level changes to configure or update your authentication flows.

How the Passage-hosted login page works

If you’ve ever used Social Logins like “Sign in with Google” or “Sign in with Microsoft” to access a third-party app, then you’ve experienced OIDC-based authentication before. OIDC, short for OpenID Connect, is an identity protocol that allows apps to outsource verifying user identities and defines how profile information can be shared back and forth. As OIDC providers, Google and Microsoft can authenticate users on behalf of third-party apps.

In a similar way, the Passage-hosted login page is also an OIDC provider and can authenticate users on behalf of your application. For technical details, check out our developer docs. At a high level, here’s what a typical login flow looks like:

  • A user visits your site and attempts to sign in to their account. 
  • They are redirected from your site to the Passage hosted login page and presented with a passwordless sign-in flow that defaults to passkeys. 
  • The login page interacts with your primary identity provider (Cognito, Firebase, Auth0, etc.) and handles user authentication.
  • Once verified, Passage generates an ID Token and an Access Token and passes them to your site. These tokens contain details about the user and confirm they're authenticated.
  • Simultaneously, the user is redirected back to your site, where they can now securely access their account.
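
Before your site trusts the ID Token from the fourth step, it has to verify the signature and the issuer, audience, expiry and nonce claims. The sketch below is an added example in Node.js, not Passage's code: the issuer URL, client ID, nonce and throwaway RSA key are constructed placeholders, and in a real deployment the public key comes from the provider's published signing keys.

```javascript
// Added example: relying-party checks on an OIDC ID token signed with RS256.
const crypto = require('crypto');

const b64url = (x) => Buffer.from(x).toString('base64url');

// Verify the signature, then the core claims (OIDC Core, ID Token validation).
function verifyIdToken(token, { publicKey, issuer, clientId, nonce, now = Date.now() / 1000 }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm; never let the token header choose it ("none", HS256 confusion).
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey,
    Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  // aud may be a string or an array; this client must be listed.
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(clientId)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  // The nonce ties the token to the login request this browser session started.
  if (claims.nonce !== nonce) throw new Error('nonce mismatch');
  return claims;
}

// Constructed fixture: a throwaway key pair standing in for the provider's signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
function signSample(claims, alg = 'RS256') {
  const head = b64url(JSON.stringify({ alg, typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.sign('RSA-SHA256', Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${sig.toString('base64url')}`;
}

// Placeholder values (assumptions, not real Passage identifiers).
const expected = { publicKey, issuer: 'https://login.example.test', clientId: 'my-app', nonce: 'n-123' };
const goodClaims = { iss: expected.issuer, aud: 'my-app', sub: 'user-1', nonce: 'n-123',
  exp: Math.floor(Date.now() / 1000) + 300 };

// Returns the rejection reason, or null when the token is accepted.
function rejects(token) {
  try { verifyIdToken(token, expected); return null; } catch (e) { return e.message; }
}
```
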

Passkeys are tied to specific domains, so with embedded login flows users have to sign in to each site they want to access. For example, if you offer a service on your primary domain but have a support forum on a subdomain, the user would have to log in twice.

But with the Passage-hosted login page, you can eliminate this friction by passing authentication tokens to each of your properties from the single hosted domain. So the user only needs to sign in once via the login page to seamlessly navigate between your sites and apps. It's a time-saving solution that boosts engagement while maintaining the security offered by passkeys.

Integrating Passage with Your Existing IdP

The Passage-hosted login page can integrate with any identity provider that supports federated authentication via OIDC, including AWS Cognito, Google Firebase, Auth0, and others. Here’s a brief demo of how simple it is to configure Passage to work with Amazon Cognito. The process is similar for other identity providers.

For more guides and detailed instructions on integrating with top identity providers, check out our developer documentation.

Take Passwordless Auth for a Test Drive

Passage's OIDC-compliant hosted login page marks a significant milestone in our journey to simplify user authentication. By seamlessly integrating with major identity providers, offering unified authentication experiences, and reducing the need for extensive code changes, we're aiming to make Passage the easiest and most robust solution for integrating passkey auth on the market.

But don’t take our word for it. Create a free Passage account and take the experience for a test drive. If you have any questions, our team is more than happy to chat. Let's explore the world of seamless, secure, and user-centric authentication together.