$ npm i @passwordlessdev/passwordless-nodejs


  • ES2018 or newer, read more hereopen in new window.
  • Supported JavaScript modules: CommonJS, ES
  • Node.js 10 or newer


Specifying the baseUrl would be optional, and will contain as its default value.

To obtain your ApiSecret, you can find it in the admin console under Applications > 'Your Application' > Getting Started.

const options: PasswordlessOptions = {
  baseUrl: ''
this._passwordlessClient = new PasswordlessClient(
const options: PasswordlessOptions = {};
this._passwordlessClient = new PasswordlessClient(


If you had for example a 'UserController.ts' with a 'signup' arrow function. You could register a new token as shown below.

You'll first want to proceed to store the new user in your database and verifying it has succeeded, before registering the token.

signup = async (request: express.Request, response: express.Response) => {
  const signupRequest: SignupRequest = request.body;
  const repository: UserRepository = new UserRepository();
  let id: string = null;
  try {
    // First, create the user in your database. We will use the id to register the token.
    // This way we know what user the credentials will belong to.
    id = repository.create(signupRequest.username, signupRequest.firstName, signupRequest.lastName);
  } catch {
    // do error handling, creating user failed.
  } finally {

  if (!id) {
    // Do not proceed to create a token, we failed to create a user.

  let registerOptions = new RegisterOptions();
  registerOptions.userId = id;
  registerOptions.username = signupRequest.username;

  // We will use our deviceName as an alias. But using an alias is completely optional.
  if (signupRequest.deviceName) {
    registerOptions.aliases = new Array(1);
    registerOptions.aliases[0] = signupRequest.deviceName;

  registerOptions.discoverable = true;

  // Now call to register a new token.
  const token: RegisterTokenResponse =
    await this._passwordlessClient.createRegisterToken(registerOptions);

  // Return the token to the client.

Logging in

signin = async (request: express.Request, response: express.Response) => {
  try {
    const token: string = request.query.token as string;

    // First check if the token is valid, and if a matching user is found.
    const verifiedUser: VerifiedUser = await this._passwordlessClient.verifyToken(token);

    // If a user is found, and the token is valid, you can proceed to log the user in.
    if (verifiedUser && verifiedUser.success === true) {
      // If you want to build a JWT token for SPA that are rendered client-side, you can do this here.
  } catch (error) {