Passport
  • 👩‍💻Welcome
  • How Passport Works
    • Overview
    • Background
      • Threshold Cryptography
      • Secure Multi-Party Computation
      • Distributed Architecture
      • Secure Enclaves
    • In Depth
      • Under the Hood
      • User Flows and Account Controls
      • The Halides Model
      • End-to-End Encryption
      • Security
      • Node Operation
  • guides and examples
    • Getting Started
    • Quickstarts and Examples
      • Passkey Account
      • Clerk Auth
      • Lambda Quickstart
  • Authentication
    • Overview
    • Configuring your scope
    • Passkeys
      • Registration
        • Register using SDK
        • Register using API
          • Initiate Registration
          • Complete Registration
      • Authentication
        • Authenticating with SDK
        • Authenticating with API
          • Initiate Authentication
          • Complete Authentication
    • Developer Owned Auth
      • Registration
        • Register using SDK
        • Register using API
          • Delegate Registration
  • Wallet Operations
    • Overview
    • Passkeys Signer
      • Sign Message
        • Sign Message SDK
        • Sign Message API
      • Sign Transaction
        • Sign Transaction SDK
        • Sign Transaction API
    • DOA Signer
      • Sign Message
        • Sign Message SDK
        • Sign Message API
      • Sign Transaction
        • Sign Transaction SDK
        • Sign Transaction API
    • Viem Support
  • Programmability
    • Overview
    • Passport Lambda
    • Lambda Functions
      • Create Lambda
        • Create Lambda SDK
        • Create Lambda API
      • Execute Lambda
        • Execute Lambda SDK
        • Execute Lambda API
      • List Lambda
        • List Lambda SDK
        • List Lambda API
  • Appendix
    • Moving to Mainnet
    • State Of The Network
    • Generating DOA Keys
    • API Request Setup
      • Unauthenticated Requests
      • Authenticated Requests
Powered by GitBook
On this page
  • Introduction
  • Setup
  • Commands
  • Generate Keys
  • Create Scope:
  • Scope Configuration
  • Keep track of your Scope ID
  • Updating a Scope
  • Next Steps
  1. Authentication

Configuring your scope

Introduction

Scopes within the Passport Protocol act as programmable key management namespaces / configurations. By creating a scope you can:

  • Organise: Keep your authentication methods and settings arranged in a clear way.

  • Control: Set specific permissions and policies for each scope.

  • Customise: Pick from authentication methods like OAuth, 2FA or more, that suit your needs.

Setup

Install passport-scope-cli

npm install -g passport-scope-cli
yarn global add passport-scope-cli
pnpm install -g passport-scope-cli

After installation, try passport-scope in your terminal to see if it is installed:

% passport-scope
Usage: passport-scope [options] [command]

Available Commands

  • -V, --version: output the version number

  • -h, --help: display help for command

  • create [options]: Create a new scope based on the provided configuration.

Commands

Generate Keys

  • Create a new keys for your scope if you haven't created one already.

  • This should create two files

    • <KEY_NAME>_pub.der

    • <KEY_NAME>_priv.der

passport-scope generate-keys --name <KEY_NAME>

Create Scope:

  • This method creates a new scope based on the provided configuration file.

  • Upon execution, you should receive a scope_id as output.

  • The system generates a temporary random wallet for every scope.

passport-scope create --config-path ./<YOUR_CONFIG_FILE>.json --private-key ./<KEY_NAME>_priv.der --network testnet --verbose

Note: Always exercise caution with private keys. While the key isn't stored or used for any purpose other than signing, it's crucial to avoid using a private key that is already exposed with other services. Always opt for a freshly key pair dedicated solely to managing scopes.

Detailed configuration structures are as follows:

Option
Description

--config-path

Path of the scope configuration content

--network

The network you'd like to use can be testnet / mainnet / localhost

--private-key

Path of the private key that is going to be the owner of the scope. If not provided, a new key pair is

Scope Configuration

Define the authentication rules for the scopes you own in JSON format.

Passkeys

Here's a simple structure for a scope supporting Passkeys:

{
  "rp": {
    "id": "demo.0xpass.io",
    "origin": "https://demo.0xpass.io/",
    "name": "Text Relying Party"
  },
  "policies":[]
}

Here are the components of the scope config

  • rp: configurations for webauthn relaying party.

    • id: the domain of where the passkey is generated

    • origin: full url of the domain

    • name: human readable name for the domain

Keep track of your Scope ID

Upon successful creation of the scopes, take note of the scope_id.

Updating a Scope

Updating a scope is same as creating a scope, except you specify a scope id.

passport-scope update --scope-id ed5fdb5c-53f3-4a0f-a7af-53b0f09121bb --config-path ./<YOUR_CONFIG_FILE>.json --private-key ./<KEY_NAME>_priv.der --network testnet --verbose

Next Steps

Once you have your scope ID, you can now proceed to the appropriate authentication method sections to continue with your integration.

  • Passkeys

PreviousOverviewNextPasskeys

Last updated 1 year ago

This scope_id is essential for initializing the Passport instance. For a comprehensive integration guide, please consult the .

Quickstarts and Examples sections