Official RollPass.io Javascript library for frontend, backend, and more.
Faster sign-ups mean more conversions.
- Password-less authentication
- User key-value data store
- Browser CDN
- Node and Typescript support
- Free for personal use
RollPass is free for personal use. First, create an account. Then find your
clientToken
and projectId
in the RollPass dashboard. Next, choose how you want to use RollPass:
RollPass let's you create authenticated frontend apps without a database or server. All you need is an HTML file.
Add a script tag that includes RollPass on your page.
<script src="https://cdn.rollpass.io/js/rollpass.min.js"></script>
Next configure RollPass using the clientToken and projectId shown in your account dashboad.
Make sure the redirectUrl
of your project matches the localhost or location of your HTML file.
<script>
RollPass.init({
clientToken: 'xxxx',
projectId: 'xxxx'
});
</script>
RollPass for the browser works wih one promise-based method. Call getUser
when you app is loaded and RollPass will determine if a user is anonymous, logged in, or arriving via an access link.
<script>
RollPass.getUser().then(function (user) {
// user is authenticated
alert("Hello " + user.emailAddress);
}).catch(err => {
// no current user session
const emailAddress = prompt("Please enter email address");
RollPass.sendAccessLink(emailAddress);
alert("Please check your email address")
});
</script>
If getUser
throws an error this means the user could not be authenticated. In this case you must obtain the users email address and send an access link to them using sendAccessLink
. When the user clicks the link and is redirected to your page let the same script execute and getUser
will succeed and return the user to you.
RollPass works well with NodeJS, Typescript, and WebPack. Install the package with npm or yarn.
npm install --save rollpass
RollPass exposes several controllers that map closely to the REST API functionality. Controllers typically require either a clientToken or a secretToken.
-
clientToken
: for use in front-end or public environments -
secretToken
: for use server-side in secure environments
// for frontend apps with localStorage
import { WebController } from "rollpass";
// for isomorphic or server proxy
import { ClientController } from "rollpass";
// for server or secure only
import { ProjectController } from "rollpass";
First configure your controller instance with a clientToken or secretToken and a projectId. If your project uses a redirectUrl this should either point ot your application or proxy server. (You can create localhost and production projects.)
const webController = new WebController({
clientToken: 'xxxx',
projectId: 'xxxx'
});
When your app is ready OR when your user loads the redirectUrl for your project you can authenticate a user like so:
async created() {
try {
const user = await webController.getUser();
} catch (e) {
// user is not authenticated so get user email address
const email = prompt("Please enter email address");
// send the user an access link
clientController.sendChallenge(email);
// ask user to check email
}
}
Most RollPass projects require a redirectUrl
. This will be combined with a ?code={challengeCode}
parameter and sent to the a given email address each time you issue a challenge or accessLink.
You can use getUser
to automatically parse and validate the challenge code in your application. For fine control you can also validate challenge codes yourself with the ClientController
. For frontend applications it is important that your projects allowedOrigin
matches the base URL of you application or your HTTP calls will fail.
TODO
TODO
RollPass recommends using a free MailSlurp test email account to test passwordless authentication flows. You can see how we test this library using MailSlurp in browser.spec.js.
- Please email contact@rollpass.io
- Or open a GitHub issue and include code samples
If you prefer to call the RollPass API directly see REST API Endpoints
There are RollPass SDKs available in a range of other languages. You can also generate your own client using the RollPass Swagger Spec.