Going Passwordless?

Passage by 1Password brings you seamless passwordless authentication in your app or website with just a few lines of code.

Exciting news for Java developers!

Passage4J, a Java SDK, makes integration seamless to incorporate Passage into your Java ecosystem.

Leave the best security practices of true passwordless to Passage as it handles user authentication. Meanwhile, Passage4J empowers you to focus on writing your application code, making integration with Passage a breeze.

Show me the code :)

Maven (Include this in your pom.xml)

...add this to project node...
    <repositories>
    <repository>
      <id>godwinpinto-passage4j</id>
      <url>https://packagecloud.io/godwinpinto/passage4j/maven2</url>
      <releases>
        <enabled>true</enabled>
      </releases>
      <snapshots>
        <enabled>true</enabled>
      </snapshots>
    </repository>
    </repositories>
    --------------------
    ...add this to dependency node...
    <dependency>
      <groupId>id.passageidentity.passage4j</groupId>
      <artifactId>core</artifactId>
      <version>0.0.1</version>
    </dependency>
    ...

Gradle (Add this entry in your build.gradle file)

...
repositories {
    maven {
        url "https://packagecloud.io/godwinpinto/passage4j/maven2"
    }
}
...
compile 'id.passageidentity.passage4j:core:0.0.1'

How to use

1. Visit the Passage console and create an app https://console.passage.id/login

2. copy the app id and api key

3. Follow the below steps to configure a Passage object in your app

Configure Passage4J and create an Instance

import id.passageidentity.passage4j.core.app.Passage;
import id.passageidentity.passage4j.core.app.PassageConfig;
import id.passageidentity.passage4j.core.app.PassageNew;
...
Passage passage;
...
PassageConfig config=new PassageConfig();
config.setHeaderAuth(true);
config.setApiKey(System.getenv("PASSAGE_API_KEY"));

//Create the passage client
passage = new PassageNew(System.getenv("PASSAGE_APP_ID"), config);

/** 
 * now you have the passage object configured with your api key and app id
 * As a recommendation dont hardcode your key and app id in application
 * You can always use 1password connect to store your keys more securely :)
*/

Using Passage API's via Passage4J

//Fetch Passage App information
AppInfoBean appInfoBean=passage.app().getInfo();

//Create Magic link
passage.app().createMagicLink(createMagicLinkBodyBean);

//Fetch User information
UserBean userBean=passage.user().getInfo("<passage user id>");

//Authenticate web user
/** 
* Based on the framework you are using, fetch the request header
* String token = request().getHeader("Authorization");
* No need to check additional token value, the same is implemented in below function
**/
String userID = passage.auth().authenticateRequestWithAuthHeader(token);

/**
* you can also fetch the passage token from cookie name cookie_name_psg_auth_token
*/
String userID = passage.auth().authenticateRequestWithCookie("<cookie_name_psg_auth_token>"");
// Note: this user id will return the passage user id

Love Java Docs?

Find the detailed Java docs here.

Source code repo

https://github.com/godwinpinto/passage4j

Do you prefer the Microservice framework?

We have got you covered

Visit the Github repo for detailed examples of how to use your favourite Bean / Inject patterns with the passage object.

The example runs a web (React+Typescript+Vite+Bootstrap) interface which has an login(passage ui plugin) and dashboard(that shows your user details)

Quick run without full dev setup? Read detailed docs here

docker-compose -f docker-compose-dev.yml \
--env-file .env up example-web example-spring

Let's talk in Spring!

  @Value("${passage.app.id}")
  String passageAppID;

  @Value("${passage.api.key}")
  String passageApiKey;

  @Bean
  Passage getPassageObject() throws PassageException {
    PassageConfig passageConfig = new PassageConfig();
    passageConfig.setApiKey(passageApiKey);
    passageConfig.setHeaderAuth(true);
    return new PassageNew(passageAppID, passageConfig);
  }

  //your favourite spring magic bean
  @Autowired
  Passage passage;

And then there was the VERT.X framework

  String passageAppID = System.getenv("PASSAGE_APP_ID");
  String passageApiKey = System.getenv("PASSAGE_API_KEY");
  PassageConfig passageConfig = new PassageConfig();
  passageConfig.setApiKey(passageApiKey);
  passageConfig.setHeaderAuth(true);
  passage = new PassageNew(passageAppID, passageConfig);

How about Micronaut?

@Factory
public class PassageFactory {

  @Singleton
  public Passage getPassage(@Value("${passage.app-id}") String passageAppID,
      @Value("${passage.api-key}") String passageApiKey)
      throws PassageException {
    PassageConfig passageConfig = new PassageConfig();
    passageConfig.setApiKey(passageApiKey);
    passageConfig.setHeaderAuth(true);
    return new PassageNew(passageAppID, passageConfig);
  }
}

  @Inject
  Passage passage;

Quarkus is here too!

public class PassageProducer {
  @ApplicationScoped
  public Passage getPassage(@ConfigProperty(name = "passage.app-id") String passageAppID,
      @ConfigProperty(name = "passage.api-key") String passageApiKey) throws PassageException {
    PassageConfig passageConfig = new PassageConfig();
    passageConfig.setApiKey(passageApiKey);
    passageConfig.setHeaderAuth(true);
    return new PassageNew(passageAppID, passageConfig);
  }
}

  @Inject
  Passage passage;

Hope now you have the right tools to impress your clients by going passwordless with Passage4J. :)

Edit (03 July 2023): (beyond the scope of Hackathon submission to reach out to the 1Password team and to be fair to all my fellow participants)

Market segment, size and objective

Objective: Generate new large business client target segments for Passage

Market Analysis:

The BFSI (Banking, Financial, and Insurance) industry has been grappling with the ongoing challenge of protecting customers' financial data from phishing attacks. Plus 1Password has a major presence in the North American region (my assumptions).

The advent of WebAuthn as a robust solution for mitigating phishing attacks presents a promising opportunity for Passage, the provider of WebAuthn-based authentication solutions. Passage has the potential to address the specific challenges faced by the BFSI sector, where banks are constantly seeking faster and more effective ways to combat phishing attacks. Where measures such as QR code logins and two-factor authentication (2FA) currently exist to enhance security.

Read the article below for more information on Phishing attacks;

Where to Begin

Let's take some major service providers/products in Core Banking (Especially core banking to begin with)

1. Infosys Finacle Banking (https://6sense.com/tech/banking/infosys-finacle-market-share)

2. TCS BANCS (https://6sense.com/tech/banking/tcs-bancs-market-share)

3. Oracle Flexcube (https://6sense.com/tech/banking/oracle-flexcube-market-share)

Take a closer look at the "Customers By Geo" section to identify potential markets and regions with untapped potential. This analysis presents an excellent opportunity for partnering with industry giants or directly engaging with banks to establish new revenue models.

Additionally, it's important to note that these giants are just the tip of the iceberg. The core banking landscape comprises numerous small players, as well as opportunities within NBFCs, insurance, and investment sectors.

It's worth highlighting that the majority of these giants' products are developed using Java, with some utilizing the .NET framework. This insight opens up new avenues for business expansion and collaboration beyond your regular scope.

By exploring these market dynamics and leveraging the right partnerships, Passage can have the potential to enter into this space.

Exploring Marketing Opportunities

While I may be new to the world of marketing strategies, I believe it's crucial to provide valuable insights that can help shape future decisions. Here are some potential avenues to consider:

1. Forge Strategic Partnerships with Industry Giants: Consider establishing direct partnerships with established giants in the industry.

2. Partnerships with partners of these Giants: These partners offer customization and support services pre/post-implementation, leveraging their connect/expertise to implement Passage to their banking clients.

3. Direct Implementation with Banks: Target direct implementation with banks, showcasing the unique value proposition of the product and how it addresses their specific pain points. This approach allows for a more focused and tailored solution, creating a strong impression among potential customers.

4. Increase Awareness through BFSI Conferences: Participate in BFSI conferences and industry events to raise awareness about the product. Use these platforms to showcase its features, advantages, and success stories..

While financial considerations need to be thoroughly evaluated, the market potential for this product appears promising, with a projected customer base of over 500+ B2B customers just in the North American region. By implementing the right marketing strategies, the product can gain significant traction in the market, solidifying its position as a preferred solution within the industry."

This expanded version provides more context and elaborates on each marketing opportunity, emphasizing the potential benefits and outcomes.

Here ends the edit :)

Closing notes

If you liked what you just read and find it useful give a thumbs up on this article and star the repository Passage4J and example-passage4j. Means a lot to me.

My free https://packagecloud.io/ account expires on 10 July 2023. :p. Post approval from the 1Password team, the docs and links will be updated here to stay relevant and helpful.

Time to work on submission no 2. :)

Bonus Tip for DotNet Developers

The Java SDK has been developed in a more or less base-class fashion that you can port to DotNet easily and make it available as a library. :) Do it before, I take it up. Just a pun :p

Cheers, Happy coding with Passage4J in your passwordless journey.