Password Authentication

Authenticates the user with a username and password.

Description

This step authenticates the user by validating their password credentials. Password credentials may be registered using the Register Password or Register Temporary Password step.

The user's password credentials must be obtained before initiating this step, for example by using a login form (see Example). If the authentication succeeds, the journey sets the user context to the authenticated user and continues to the next step. Tokens generated for the authentication can be accessed in subsequent steps using @policy.userTokens().

If the password is expired, the authentication won't succeed. The expiration can be configured in the Password settings for the application. If expired, the journey proceeds to the password expired branch (if one is configured); otherwise the journey is aborted.

If the authentication fails for other reasons (e.g., incorrect password), the journey proceeds to the failure branch (if specified); otherwise, the journey is aborted and an error is sent to the client. When building a password solution, you'll need to consider how to handle the different error cases.

Configuration

| Field | Description |
|---|---|
| User Identifier | Expression that yields a user identifier. |
| Password | Expression that yields the user's password. |
| Error Output Variable | Name of the variable that stores any errors returned by the step. |
| Failure Behavior | Determines the behavior in case of failure, which either aborts the journey or proceeds to a failure branch of the control flow (default). |
| Password Expired Behavior | Determines the behavior in case the user's password is expired, which either aborts the journey (default) or proceeds to a password expired branch of the control flow. |

Example

Consider a login form that collects username and password, created using the Login Form step. In our example, the form ID is loginForm, the schema contains username and password, and the input will be stored in loginData.

Here we obtain the user identifier and password from the form output (loginForm.username and loginForm.password).