TryMellon

Register & Authenticate

Register & Authenticate

Check WebAuthn support

if (TryMellon.isSupported()) {
  // Use passkeys
} else {
  // Use email fallback
}

Register a passkey

const result = await client.register({
  externalUserId: 'user_123',  // or external_user_id
  // authenticatorType: 'platform' | 'cross-platform',  // optional
  // signal: abortController.signal,                     // optional
})

if (!result.ok) {
  console.error(result.error.code, result.error.message)
  return
}

// Send session_token to your backend
await fetch('/api/login', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ session_token: result.value.session_token }),
})

Register options:

  • externalUserId or external_user_id (required): Unique user id in your system.
  • authenticatorType (optional): 'platform' (device) or 'cross-platform' (e.g. USB/NFC).
  • signal (optional): AbortSignal to cancel the operation.

Response (when ok):

  • success, credential_id, status, session_token, user (e.g. user_id, external_user_id, email, metadata).

Authenticate with a passkey

const result = await client.authenticate({
  externalUserId: 'user_123',
  hint: 'user@example.com',  // optional, improves UX
})

if (!result.ok) {
  console.error(result.error.code, result.error.message)
  return
}

await fetch('/api/login', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ session_token: result.value.session_token }),
})

Authenticate options:

  • externalUserId or external_user_id (required): User id.
  • hint (optional): Hint for the passkey (e.g. email).
  • signal (optional): AbortSignal to cancel.

Response (when ok):

  • authenticated, session_token, user, signals (e.g. userVerification, backupEligible, backupStatus).

Validate session (client-side)

You can validate a session token from the client if needed:

const validationResult = await client.validateSession('session_token_123')

if (validationResult.ok && validationResult.value.valid) {
  const v = validationResult.value
  console.log('User:', v.external_user_id, 'Tenant:', v.tenant_id, 'App:', v.app_id)
}

Client status

const status = await client.getStatus()

if (status.isPasskeySupported) {
  console.log('Passkeys available')
  if (status.platformAuthenticatorAvailable) {
    console.log('Platform authenticator available')
  }
} else {
  console.log('Use fallback')
}

Returns isPasskeySupported, platformAuthenticatorAvailable, and recommendedFlow ('passkey' | 'fallback').