WWPass JavaScript library (wwpass.js)

WWPass JavaScript library, wwpass.js, is used in WWPass authentications on Web resources.

It works in close cooperation with the browser plugin.

wwpass.js is responsible for interaction between WWPass hardware keys and WWPass core network.

Upon mutual authentication the transaction ticket is sent to and/or from WWPass network.

A link to the script may be included into the HTML page as follows:

<script src="//cdn.wwpass.com/packages/latest/wwpass.js"></script>


The library API consists of two functions - wwpass_auth and wwpass_on_key_removed


* Starts authentication and ticket transfer.
wwpass_auth({'ticket': aTicket, 'callback': aCallBack});

argument: a JSON object with the following fields

  • ticket: WWPass ticket, received from Service Provider (CCW scheme) or SP_name (CW scheme)
  • callback: function to be called upon completion of authentication. When called, this callback is given two parameters:
    • status: enum - final status of a transaction. WWPass_OK (code 200) means success. Other codes relate to particular problems. Enum names and corresponding numbers may be found in wwpass.js. The NOTE below explains why there is no need to process individual authentication errors in the page code.
    • ticket_or_reason: string - WWPass ticket if success, or text explaining the problem.

When authentication fails for any reason, the text of the reason is returned in the ticket_or_reason argument of the callback. Usually this text may be ignored: browser plugin shows a pop-up dialog containing this brief explanation automatically.



Sets a function to be called when WWPass Key is removed. The function may be used to logout current user. No argument will be given to the callback function

Sample code#

The sample code below shows a CW-scheme authentication. The wwpass_auth is given an SP_name only, while full ticket is returned to the auth_cb callback.

It is assumed that on successful authentication user will be redirected to the index.php page. The new ticket is sent as a GET parameter.

It is also assumed that actual logout is done on logout.php page.

<button type="button" onclick="token_auth('example.com');">Login with WWPass</button>
<script type="text/javascript" src="//cdn.wwpass.com/packages/latest/wwpass.js"></script>
function auth_cb(status, ticket_or_reason) {
if (status == WWPass_OK) {
// authentication completed
window.location.href = 'index.php?ticket=' + encodeURIComponent(ticket_or_reason);
} else {
// authentication failed or canceled
// console.log('Error (' + status + '): ' + ticket_or_reason );
function token_auth(anSPname) {
wwpass_auth({'ticket': anSPname, 'callback': auth_cb});
function cb_key_removed() {
// key was removed