
# Complete User Login

> Completes the login process and provides the authenticated user with their authentication token.

The type of credentials used to log in is determined by the `kind` field in the nested objects (`firstFactor` and `secondFactor`). Supported credential kinds are:
* `Fido2`: Login challenge is signed by a user's signing device using `WebAuthn`.
* `Key`: Login challenge is signed by a user's private key.
* `PasswordProtectedKey`: Login challenge is signed by the user's private key after it has been decrypted; the key was sent during the [Create User Login Challenge](../registration/inituserregistration) step.




## OpenAPI

````yaml /openapi.yaml post /auth/login
# OpenAPI 3.1 document; as shown here it describes one operation,
# POST /auth/login.
openapi: 3.1.0
info:
  version: 1.807.0
  title: Dfns
# Base URLs the operation can be called on. The staging entry is marked
# deprecated in its description.
servers:
  - url: https://api.dfns.io
    description: Default - Europe
  - url: https://api.uae.dfns.io
    description: UAE
  - url: https://api.dfns.ninja
    description: <Deprecated> Staging
# Empty list: no security requirement is declared at document level.
security: []
paths:
  /auth/login:
    # Completes a login: the client sends back the challenge identifier
    # together with a first-factor assertion and, optionally, a second one.
    post:
      tags:
        - Auth
      summary: Complete User Login
      # NOTE(review): the text below lists three credential kinds, while the
      # FirstFactorAssertion and SecondFactorAssertion schemas also list
      # `Password` and `Totp`, both described as not supported.
      description: >
        Completes the login process and provides the authenticated user with
        their authentication token.


        The type of credentials used to login is determined by the `kind` field
        in the nested objects (`firstFactor` and `secondFactor`). Supported
        credential kinds are:

        * `Fido2`: Login challenge is signed by a user's signing device using
        `WebAuthn`.

        * `Key`: Login challenge is signed by a user's private key.

        * `PasswordProtectedKey`: Login challenge is signed by the decrypted
        user's private key that was sent during [Create User Login
        Challenge](../registration/inituserregistration) step.
      # NOTE(review): `required: true` is not set on the request body, so the
      # spec as written treats the body as optional even though the schema
      # below has required properties.
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                # Described as a temporary authentication token, so clients
                # should presumably keep it out of logs and URLs.
                # NOTE(review): lifetime and single-use semantics are not
                # stated here - confirm against the Create Challenge docs.
                challengeIdentifier:
                  type: string
                  description: >-
                    Temporary authentication token returned by the Create
                    Challenge endpoint.
                firstFactor:
                  $ref: '#/components/schemas/FirstFactorAssertion'
                # Optional: not listed under `required` below.
                secondFactor:
                  $ref: '#/components/schemas/SecondFactorAssertion'
              required:
                - challengeIdentifier
                - firstFactor
              # Unknown top-level properties are rejected by the schema.
              additionalProperties: false
      # NOTE(review): only the success response is declared; failure responses
      # (for example a rejected assertion) are not described here.
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                # Either shape satisfies the schema. The spec does not state
                # when `ssoClientId` is returned instead of `token`.
                anyOf:
                  - type: object
                    properties:
                      # The authentication token named in the operation
                      # description; clients should handle it as a credential.
                      token:
                        type: string
                    required:
                      - token
                  - type: object
                    properties:
                      ssoClientId:
                        type: string
                    required:
                      - ssoClientId
      # A single empty requirement object: the operation declares no
      # authentication scheme, as expected for a login call. The caller is
      # identified by the signed assertions in the request body.
      security:
        - {}
components:
  schemas:
    # Union of the assertion schemas accepted as the first factor; the `kind`
    # property selects the member schema through the discriminator mapping.
    FirstFactorAssertion:
      oneOf:
        - $ref: '#/components/schemas/Fido2Assertion'
        - $ref: '#/components/schemas/KeyAssertion'
        - $ref: '#/components/schemas/PasswordProtectedKeyAssertion'
        # PasswordAssertion's own description says it is not supported and
        # will be removed; it is still listed in this union.
        - $ref: '#/components/schemas/PasswordAssertion'
      discriminator:
        propertyName: kind
        # One mapping entry per oneOf member, keyed by the `kind` value.
        mapping:
          Fido2:
            $ref: '#/components/schemas/Fido2Assertion'
          Key:
            $ref: '#/components/schemas/KeyAssertion'
          PasswordProtectedKey:
            $ref: '#/components/schemas/PasswordProtectedKeyAssertion'
          Password:
            $ref: '#/components/schemas/PasswordAssertion'
      description: First factor credential used to sign the challenge.
    # Union of the assertion schemas accepted as the second factor; the `kind`
    # property selects the member schema through the discriminator mapping.
    # Unlike the first factor, `Password` is absent and `Totp` is present.
    SecondFactorAssertion:
      oneOf:
        - $ref: '#/components/schemas/Fido2Assertion'
        - $ref: '#/components/schemas/KeyAssertion'
        - $ref: '#/components/schemas/PasswordProtectedKeyAssertion'
        # TotpAssertion's own description says it is not supported and will
        # be removed; it is still listed in this union.
        - $ref: '#/components/schemas/TotpAssertion'
      discriminator:
        propertyName: kind
        # One mapping entry per oneOf member, keyed by the `kind` value.
        mapping:
          Fido2:
            $ref: '#/components/schemas/Fido2Assertion'
          Key:
            $ref: '#/components/schemas/KeyAssertion'
          PasswordProtectedKey:
            $ref: '#/components/schemas/PasswordProtectedKeyAssertion'
          Totp:
            $ref: '#/components/schemas/TotpAssertion'
      description: Second factor credential used to authenticate a user.
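    # WebAuthn assertion: `kind` must be the literal `Fido2`, and
    # `credentialAssertion` carries the values returned by the WebAuthn client.
    Fido2Assertion:
      type: object
      properties:
        kind:
          type: string
          enum:
            - Fido2
        # NOTE(review): the string fields below declare `minLength` at most;
        # no `maxLength`, `pattern` or `format` is given, so size limits and
        # base64url validity are presumably enforced server-side - confirm.
        credentialAssertion:
          type: object
          properties:
            credId:
              type: string
              minLength: 1
              description: >-
                Base64url-encoded id of the credential returned by the user's
                WebAuthn client.
            clientData:
              type: string
              minLength: 1
              description: >-
                Base64url-encoded, stringified JSON [client
                data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data)
                object returned by the user's WebAuthn client.
            signature:
              type: string
              minLength: 1
              description: >-
                Base64url-encoded signature returned by the user's WebAuthn
                client.
            # Optional: not listed under `required`, and no enum of accepted
            # values is declared here.
            algorithm:
              type: string
              description: >-
                The algorithm/digest that the credential will use to sign data.
                If the algorithm is not specified then the algorithm will be
                determined by the key.
            authenticatorData:
              type: string
              minLength: 1
              description: >-
                Base64url-encoded authenticator data object returned by the
                user's WebAuthn client.
            # Optional: not listed under `required`, and no `minLength` is set.
            userHandle:
              type: string
              description: >-
                Base64url-encoded userHandle returned by the user's WebAuthn
                client.
          required:
            - credId
            - clientData
            - signature
            - authenticatorData
          additionalProperties: false
      required:
        - kind
        - credentialAssertion
      # Unknown properties are rejected at both object levels.
      additionalProperties: false
      description: Use a Fido2 Credential, also known as Passkeys or WebAuthn credential.
      title: Fido2/Passkeys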
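    # Assertion made with a raw public/private keypair: `kind` must be the
    # literal `Key`.
    KeyAssertion:
      type: object
      properties:
        kind:
          type: string
          enum:
            - Key
        # NOTE(review): the field descriptions below say the values are
        # "returned by the user's WebAuthn client", wording shared with
        # Fido2Assertion. This schema is for a raw keypair, so the text looks
        # copied - confirm what produces these values for `Key` credentials.
        # NOTE(review): only `minLength` is declared; no `maxLength`, `pattern`
        # or `format`, so validation is presumably server-side - confirm.
        credentialAssertion:
          type: object
          properties:
            credId:
              type: string
              minLength: 1
              description: >-
                Base64url-encoded id of the credential returned by the user's
                WebAuthn client.
            clientData:
              type: string
              minLength: 1
              description: >-
                Base64url-encoded, stringified JSON [client
                data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data)
                object returned by the user's WebAuthn client.
            signature:
              type: string
              minLength: 1
              description: >-
                Base64url-encoded signature returned by the user's WebAuthn
                client.
            # Optional: not listed under `required`, and no enum of accepted
            # values is declared here.
            algorithm:
              type: string
              description: >-
                The algorithm/digest that the credential will use to sign data.
                If the algorithm is not specified then the algorithm will be
                determined by the key.
          required:
            - credId
            - clientData
            - signature
          additionalProperties: false
      required:
        - kind
        - credentialAssertion
      # Unknown properties are rejected at both object levels.
      additionalProperties: false
      description: Use a "raw" public/private keypair.
      title: Public/Private key pair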
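    # Assertion made with a password-protected (encrypted) private key: `kind`
    # must be the literal `PasswordProtectedKey`. The schema carries only the
    # resulting assertion; no password or key material is a property here.
    PasswordProtectedKeyAssertion:
      type: object
      properties:
        kind:
          type: string
          enum:
            - PasswordProtectedKey
        # NOTE(review): the field descriptions below say the values are
        # "returned by the user's WebAuthn client", wording shared with
        # Fido2Assertion. This schema is for an encrypted private key, so the
        # text looks copied - confirm what produces these values here.
        # NOTE(review): only `minLength` is declared; no `maxLength`, `pattern`
        # or `format`, so validation is presumably server-side - confirm.
        credentialAssertion:
          type: object
          properties:
            credId:
              type: string
              minLength: 1
              description: >-
                Base64url-encoded id of the credential returned by the user's
                WebAuthn client.
            clientData:
              type: string
              minLength: 1
              description: >-
                Base64url-encoded, stringified JSON [client
                data](https://docs.dfns.co/api-reference/auth/credentials-data#client-data)
                object returned by the user's WebAuthn client.
            signature:
              type: string
              minLength: 1
              description: >-
                Base64url-encoded signature returned by the user's WebAuthn
                client.
            # Optional: not listed under `required`, and no enum of accepted
            # values is declared here.
            algorithm:
              type: string
              description: >-
                The algorithm/digest that the credential will use to sign data.
                If the algorithm is not specified then the algorithm will be
                determined by the key.
          required:
            - credId
            - clientData
            - signature
          additionalProperties: false
      required:
        - kind
        - credentialAssertion
      # Unknown properties are rejected at both object levels.
      additionalProperties: false
      description: 'Use an encrypted private key. '
      title: Password-protected Key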
    # Deprecated password credential: `kind` must be the literal `Password`,
    # and the password itself travels in the request body as a plain string.
    # NOTE(review): the deprecation is stated only in `description` and
    # `title`; the schema keyword `deprecated: true` would let generated
    # clients and rendered docs flag it.
    PasswordAssertion:
      type: object
      properties:
        kind:
          type: string
          enum:
            - Password
        # Only a non-empty string is required; no upper length bound is set.
        password:
          type: string
          minLength: 1
      required:
        - kind
        - password
      additionalProperties: false
      description: Not supported, will be removed in a future release.
      title: <Deprecated> Password
    # Deprecated TOTP second factor: `kind` must be the literal `Totp`, and
    # the one-time code is sent as a string.
    # NOTE(review): the deprecation is stated only in `description` and
    # `title`; the schema keyword `deprecated: true` would let generated
    # clients and rendered docs flag it.
    TotpAssertion:
      type: object
      properties:
        kind:
          type: string
          enum:
            - Totp
        # Only a non-empty string is required; no digit pattern or length
        # bound is declared for the code.
        otpCode:
          type: string
          minLength: 1
      required:
        - kind
        - otpCode
      additionalProperties: false
      description: Not supported, will be removed in a future release.
      title: <Deprecated> TOTP

````