Passwords

Download OpenAPI specification:Download

Login users using passwords. This implements a backend-to-backend integration for password authentication.

Authenticate password

Authenticates a user using their username and password. The value of this username may correspond to the user's username, phone number, or email (based on what was used to register their password credentials, see Register password).

SecurityOAuth2: ClientAccessToken
Request
Request Body schema: application/json
required
resource
string

Resource URI the authentication request is attempting to access, which is reflected in the audience (aud claim) of the access token. This must be configured as resource for the application.

claims
object

Used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the OIDC Standard. For supported claims and how to request custom claims, see the ID Token Reference.

org_id
string

Organization ID, used for member login in B2B scenarios

session_id
string

Used to associate the authentication with an existing session (such as for MFA). If unspecified, a new session is created and the session ID is returned.

username
required
string

Identifier of the user, which may contain the user's username, email or phone number (depending on what was used to register password credentials). The username_type must match the type of identifier used.

password
required
string

Password

username_type
string
Default: "username"

Type of user identifier used to register the password

Enum: "username" "email" "phone_number"
Responses
200

Returns user tokens

post/v1/auth/password/authenticate
Request samples
application/json
{
  • "resource": "string",
  • "claims": {
    },
  • "org_id": "string",
  • "session_id": "string",
  • "username": "string",
  • "password": "string",
  • "username_type": "username"
}
Response samples
application/json
{
  • "access_token": "string",
  • "id_token": "string",
  • "refresh_token": "string",
  • "token_type": "string",
  • "expires_in": 3600,
  • "session_id": "string"
}