
Generating and Using Authorization Tokens

Authorization tokens are currently used for the following scenarios:

  • Creating passkeys over authorized sessions
  • Managing passkeys (listing, renaming, and deleting passkeys)
Info: Authorization tokens have a very short lifespan of a few seconds, which limits how long a leaked or intercepted token could be reused.

Overview Steps

  1. Create an API Key in the LoginID dashboard.
  2. Request an authorization token via the LoginID Grant Endpoint on your backend.
  3. Use the authorization tokens.

Create Application API Key on LoginID Dashboard

First, create an API key in the LoginID developer dashboard. This key defines the permissions (scopes) for your server when interacting with LoginID APIs. In your application's Settings tab, click Add New Key to generate it.

Store your API key as a secret.

Registration Requires Authentication Token

If you plan to authorize passkey creation over authorized sessions, enable the Registration Requires Authentication Token security lock on the dashboard.

Request Authorization Token With Grant Endpoint

From your backend, send a request to the Management grant API using the API key. The request must carry a Basic Authentication header; in the code below, the API key ID is the Basic username and the password is left empty.

The response contains the authorization token, which can then be passed to the client-side SDKs.

// Both values come from the server environment; the API key never reaches the client.
const LOGINID_BASE_URL = process.env.LOGINID_BASE_URL;
const LOGINID_API_KEY_ID = process.env.LOGINID_API_KEY_ID;

export const requestLoginIDAuthorizationToken = async (username: string) => {
  // Basic credentials: API key ID as the username, empty password.
  const basicToken = Buffer.from(`${LOGINID_API_KEY_ID}:`).toString("base64");
  const res = await fetch(`${LOGINID_BASE_URL}/fido2/v2/mgmt/grant`, {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      Authorization: `Basic ${basicToken}`,
    },
    body: JSON.stringify({
      // Scopes requested for the token, and the user it is issued for.
      grants: ["passkey:write", "passkey:read"],
      username: username,
    }),
  });

  const data = await res.json();

  if (!res.ok) {
    throw new Error(data.message || data.msg);
  }

  // Short-lived authorization token to hand to the client-side SDK.
  return data.token;
};
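A hardened variant of the grant request above, as an added example that is not LoginID's own code: it takes the username from the authenticated server-side session, requests only the grant an action needs, refuses a non-HTTPS base URL, and copes with non-JSON error bodies. The `Session` shape, the action names, the action-to-grant mapping and the injected `http` client are assumptions made for illustration; the endpoint path and grant names are the ones used on this page.

```typescript
// Added example, not LoginID code. Session, Action and the action-to-grant
// mapping are assumptions; the endpoint path and grant names are from the page.
type Grant = "passkey:read" | "passkey:write";
type Action = "list" | "create" | "rename" | "delete";
type Session = { username?: string };
type HttpResponse = { ok: boolean; status: number; text(): Promise<string> };
type HttpInit = { method: string; headers: Record<string, string>; body: string };
type HttpClient = (url: string, init: HttpInit) => Promise<HttpResponse>;

// Assumed least-privilege mapping: reads get passkey:read, changes passkey:write.
const GRANTS_FOR_ACTION: Record<Action, Grant[]> = {
  list: ["passkey:read"],
  create: ["passkey:write"],
  rename: ["passkey:write"],
  delete: ["passkey:write"],
};

function buildGrantRequest(baseUrl: string, apiKeyId: string, session: Session, action: Action) {
  // The username comes from the server-side session, never from client input.
  if (!session.username) throw new Error("not authenticated");
  if (!apiKeyId) throw new Error("API key is not configured");
  const grants = GRANTS_FOR_ACTION[action];
  if (!grants) throw new Error("unknown action");
  const url = new URL(baseUrl.replace(/\/+$/, "") + "/fido2/v2/mgmt/grant");
  // The API key travels in the Authorization header, so refuse plaintext HTTP.
  if (url.protocol !== "https:") throw new Error("base URL must use https");
  const headers: Record<string, string> = {
    "Content-Type": "application/json",
    // API key as the Basic username with an empty password, as on the page.
    Authorization: `Basic ${btoa(`${apiKeyId}:`)}`,
  };
  const body = JSON.stringify({ grants, username: session.username });
  const init: HttpInit = { method: "POST", headers, body };
  return { url: url.toString(), init };
}

async function requestGrant(
  http: HttpClient, baseUrl: string, apiKeyId: string, session: Session, action: Action,
): Promise<string> {
  const { url, init } = buildGrantRequest(baseUrl, apiKeyId, session, action);
  const res = await http(url, init);
  const raw = await res.text();
  let data: { token?: string; message?: string; msg?: string } = {};
  try { data = JSON.parse(raw) ?? {}; } catch { /* non-JSON body, e.g. a proxy error page */ }
  if (!res.ok) throw new Error(data.message || data.msg || `grant failed: HTTP ${res.status}`);
  if (typeof data.token !== "string" || !data.token) throw new Error("grant response had no token");
  return data.token; // short-lived: pass straight to the client SDK, never log it
}
```

In a real backend, pass a thin wrapper around `fetch` as `http` and read the base URL and API key from the environment, as the page's code does.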

Use Authorization Tokens

Common scenarios where authorization tokens are required include: