Passwordless auth utils using Virgil public keys service

Usage no npm install needed!

<script type="module">
  import virgilPasswordless from '';


Passwordless auth for node applications

This module provides simple passwordless auth service using Virgil Public Keys infrastructure.


npm install virgil-passwordless


Initialize service

var VirgilPasswordless = require('virgil-passwordless');
var appToken = '1b79865e30978ec2ec9a83a44916b0a5';
var passwordless = new VirgilPasswordless(appToken);

Generate encrypted auth handshake token for email

var userEmail = '';
passwordless.generateToken(userEmail, function afterTokenGenerated (err, payload) {
    // payload = {
    //     encrypted_token: '91v2j39182jd39182jd1323c8j23c49...',
    //     public_key_id: 'vj32r-23e3ev-cece3-23gvc-423v'
    // }

What's inside

  1. Using given email retrive public key from Virgil public keys service
  2. Generate random token token and encrypt it using retrived public key
  3. Store token in local storage (memory or custom storage passed to constructor)
  4. Schedule token expiration (default timeout is 120 seconds)

Possible errors

Error Code
Public key lookup error 1
Storage set error 2

Verify decrypted token retrieved from the client

passwordless.verifyToken(userEmail, decryptedToken, function afterVerification (err) {
    // if err is null then verification was successfully passed

What's inside

  1. Pick original token from storage
  2. Compare origin token and decryptedToken passed to function
  3. Remove token from storage (even in case if compare failure)

Possible errors

Error Code
Storage get error 3
Token not found 4
Tokens not match 5
Storage unset error 6

Custom store for tokens

You can use custom store for tokens

new VirgilPasswordless(appToken, {
    store: customStore

Store should implement node-style callbacks based interface, example of implementation:

var store = {
    cache: {},
    get: function get (key, cb) {
        cb(null, cache[key]);
    set: function set (key, value, cb) {
        this.cache[key] = value;
    unset: function unset (key, cb) {
        delete this.cache[key];

Token expire time

You can specify token expire time in ms

new VirgilPasswordless(appToken, {
    expireTimeout: 60000 // ms


BSD 3-Clause. See LICENSE for details.