Complete User Login
POST /auth/login
Completes the login process and provides the authenticated user with their authentication token.
The type of credentials used to login is determined by the kind
field in the nested objects (firstFactor
and secondFactor
). Supported credential kinds are:
Fido2
: Login challenge is signed by a user's signing device usingWebAuthn
.Key
: Login challenge is signed by a user's private key.PasswordProtectedKey
: Login challenge is signed by the decrypted user's private key that was sent during Create User Login Challenge step.
Request headers required. See Request Headers for more information.
Required Permissions
Since this endpoint is not authenticated, the permissions apply to the application only.
Name | Conditions |
---|---|
| Always Required |
Request body
|
| temporary authentication token returned by the Create User Login Challenge |
|
| first factor credential used to sign the challenge |
|
|
|
Fido2 Credential
|
| will always be |
|
| |
|
| base64url encoded id of the credential returned by the user's WebAuthn client |
|
| base64url encoded client data object returned by the user's WebAuthn client |
|
| base64url encoded authenticator data object returned by the user's WebAuthn client |
|
| base64url encoded signature returned by the user's WebAuthn client |
|
| base64url encoded userHandle returned by the user's WebAuthn client |
Example
Key Credential and Password Protected Key Credential
|
|
|
|
| |
|
| base64url encoded id of the credential |
|
| base64url encoded Client Data JSON string object that was signed with the user's private key |
|
| base64url encoded signature generated by signing the clientData JSON string object |
Example
Responses
See Common Errors for common errors.
See User Login Errors for user login errors.
Success - a user authentication token
Last updated