Community

GitHub

Blog

Corbado docs

Start for free

Support

Use the official Corbado Node.js SDK to simplify the passkey and session management integration in your Node.js applications.

Node.js SDK

Find all the information and guides you need to integrate passkeys in your own app.

Welcome

Welcome to Corbado Docs

Get started to implement passkeys with Corbado in your application by following these steps.

Getting Started

Corbado helps you to configure your passkey authentication specific to your application.

Overview

Configuration

Each application has individual user requirements that can be configured with Corbado.

User Flow Configuration

In the developer panel, you can define configurations regarding URLs & IDs.

URL & ID Configuration

Corbado provides a Frontend API and Backend API depending on the way you want to integrate and your tech stack.

Corbado API structure

The Frontend API is intended to be called by client applications like SPAs or native apps.

Frontend API

The Backend API is intended to be called by backend implementations.

Backend API

Discover Corbado's flexible UI components that can be embedded with a few lines of code.

UI Components

The CorbadoProvider component provides global configuration for all your Corbado UI Components.

CorbadoProvider

The Signup component offers users the possibility to create a new account.

Signup

The Login component allows users to log into the application.

Login

The CorbadoAuth component combines both the Signup and Login component.

CorbadoAuth

PasskeyList lists all available passkeys from a user and allows to manage the passkeys.

PasskeyList

Discover how you can customize your UI components to align with your preferences and needs.

Customization

Learn how to add the Corbado UI components to your React application.

Setup

React

Get access to session state and user data.

useCorbado()

Learn how to add the Corbado UI components to your JavaScript application.

VanillaJS

To access authentication state or trigger authentication-related methods (e.g. a logout), you will always make use of the Corbado object.

Global Corbado Object

Corbado provides an open-source Flutter package to add passkeys your native app.

Flutter

Learn how to add the Corbado web-js package to your Vue.js application.

Vue.js

Learn how to add the Corbado web-js package to your Angular application.

Angular

Learn how to add the Corbado React package to your Next.js application.

Next.js

Learn how to add the Corbado web-js Package to your Nuxt.js application.

Nuxt.js

Learn how to add the Corbado web-js package to your Svelte or SvelteKit application.

Svelte

Frontend API Reference

Use the official Corbado PHP SDK to simplify the passkey and session management integration in your PHP applications.

PHP SDK

Use the official Corbado Go SDK to simplify the passkey and session management integration in your Go applications.

Go SDK

Backend API Reference

This page provides an overview of the different ways to add session management to your passkey-based app.

Find a detailed page that shows how to protect routes for your type of application and tech stack.

Protecting Routes

Learn how Corbado's session management deals with setting and getting session data

Session Data

Learn more about the security that comes with Corbado's session management.

Security

Learn about the security features of JWTs (JSON Web Tokens) and how Corbado's session management makes use of them.

JWT Security

Learn about the security features of cookies and how Corbado's session management makes use of them.

Cookie Security

Learn about XSS (cross-site scripting) protection and how Corbado's session management uses it.

XSS protection

Learn about CSRF (cross-site request forgery) protection and how Corbado's session management uses it.

CSRF protection

Learn about session fixation protection and how Corbado's session management uses it.

Session fixation protection

In the following, the lifetime and inactivity values you can define with Corbado session management are explained

Session timeouts

Learn about various other topics of Corbado's session management.

Other

Learn about session refresh in Corbado's session management.

Refresh

Learn about session revocation in Corbado's session management.

Revocation

Understand how Corbado's session management approach compares to OAuth2.

OAuth2 comparison

Learn about the specialties of projects in development mode when working with Corbado's session management.

Development mode

Learn how to use your own session management while using Corbado's passkey authentication solution.

Own Session Management

Corbado Complete is a full, standalone passkey-first auth solution in the cloud.

🛡️Corbado Complete

Use Corbado Connect alongside your existing authentication as a passkey upgrade.

🧩Corbado Connect

Passkey association is used to add passkeys to existing users who were authenticated via a legacy auth method.

🔗 Connect via Passkey Association

Understand how you can seamlessly transition your existing password-based users to passkeys.

Seamless User Transition

Corbado's free passkeys analyzer allows you to find out the passkey-readiness of your users based on data about the device, operating system and browser.

Passkeys Analyzer

This page provides an overview and examples for the different URL types used with Corbado.

URL Overview

Passkeys are the new standard to authenticate in native apps and web apps.

Passkeys

The relying party ID identifies the online service that users authenticate against to.

Relying Party ID

Passkeys work seamless in every major browser with all modern web development technologies.

Passkeys in Web Apps

Passkeys work in native apps (e.g. iOS or Android) seamlessly.

Passkeys in Native Apps

For non-passkey-ready devices or users not wanting to use passkeys, fallback options must be implemented.

Fallback Options

To deploy your project to staging or production, some changes need to be made in order to ensure stricter security.

Go live

If you face problems during the go live, please check this page.

Troubleshooting

Use ngrok to develop and test with multiple devices locally on your machine.

Local Multi-Device Testing with ngrok

Cross-Origin Resource Sharing (CORS)

As a developer it might be helpful to use the Google Chrome WebAuthn emulator. It allows you to test the WebAuthn API with a virtual authenticator.

Google Chrome Virtual Authenticator

Corbado services are designed, developed, monitored, and updated with security at our core to protect you and your customers' data and privacy.

Overview

Frontend Integration

Backend Integration

Sessions

Products

Analytics

Helpful Guides

Other

Node.js SDK