Send Login Code

POST /auth/login/code

Sends a temporary one time code to the user that can be used during login flow.

If the user has a credential of kind PasswordProtectedKey a temporary one time code needs to be passed in the loginCode field. That's because the Create User Login Challenge is unauthenticated and returns the encrypted private key of the user. So we need a first step to verify the identity of the user to prevent anybody from fetching the encrypted private key and trying to brute force it offline.

Request headers required. See Request Headers for more information.

Required Permissions

Since this endpoint is not authenticated, the permissions apply to the application only.

Name

Conditions

Auth:Users:Read

Always Required

Request body

username *

String

Email address of the user

orgId *

String

ID of the target Org

Example

{
  "username": "jdoe@example.co",
  "orgId": "or-34513-nip9c-8bppvgqgj28dbodrc"
}

Response

Success

{
    "message": "success"
}

See Common Errors for common errors.
See User Login Errors for user login errors.

Last updated 6 months ago