# Login with password

Authenticate a user with a password

Endpoint: POST /v1/auth/password/login

## Request fields (application/json):

  - `username` (string)
    The user's username. Pass either username or email, but not both.

  - `email` (string)
    The user's primary email address. Pass either username or email, but not both.

  - `phone_number` (string)
    The user's primary phone number. Pass only one of username, email, or phone_number, but not both.

  - `identifier_type` (string)
    Type of user identifier used for login

  - `identifier` (string)
    User identifier, which may correspond to the user's email, phone number, username, or user ID. The type of identifier should be specified as the identifier_type.

  - `password` (string, required)
    The user's password

  - `client_id` (string, required)
    Client ID of the application requesting authentication, retrieved from the Transmit Admin Portal
    Example: "c35ab2a.xVShlOVGsUMh3Cqk73K1O.transmit"

  - `redirect_uri` (string, required)
    URI to redirect to upon completion of the IDP flow. This is the server GET endpoint used to call the token endpoint, and should accept "code" as a query parameter. This URI must also be configured as an allowed redirect URI in the Transmit Admin Portal.
    Example: "https://domain.com/verify"

  - `resource` (string)
    Resource URI the login is attempting to access.

  - `require_mfa` (boolean)
    Require multi-factor authentication for this authentication request.
    Example: true

  - `claims` (object)
    Used to request additional claims in the ID token, such as roles, permissions, and other user profile data. The structure is per the [OIDC Standard](https://openid.net/specs/openid-connect-core-1_0-final.html#ClaimsParameter). For supported claims and how to request custom claims, see the [ID Token Reference](https://developer.transmitsecurity.com/openapi/id_token_reference/).
    Example: {"id_token":{"roles":null}}

  - `org_id` (string)
    Organization ID, used for member login in B2B scenarios

## Response 200 fields (application/json):

  - `result` (object, required)

  - `result.url` (string)
    URL to start the authentication flow. This is only returned if password reset is not required.

## Response 403 fields (application/json):

  - `message` (string, required)
    Reason the password reset is required
    Enum: "password_expired", "temporary_password", "temporary_password_expired"

  - `error_code` (number, required)
    Example: 403

  - `reset_token` (string, required)
    Reset token needed to authorize the password reset, if a password reset is required

  - `ts_error_code` (string)
    Internal error code
    Enum: "system_invalid_input", "system_unauthorized", "system_conflict", "system_forbidden", "system_unexpected_error", "system_service_unavailable", "app_not_exist", "client_not_exist", "client_id_mismatch", "client_not_authorized", "client_max_secrets_exceeded", "client_cannot_revoke_last_secret", "client_secret_not_found", "user_already_exists", "user_not_found", "user_not_active", "user_email_address_missing", "user_phone_number_missing", "user_email_is_not_verified", "user_phone_number_is_not_verified", "user_external_user_id_missing", "user_unknown_identifier_type", "user_unknown_identity_provider_source_type", "group_not_found", "session_not_found", "session_account_mismatch", "session_invalid", "session_account_id_not_found", "session_grant_not_found", "session_granted_account_mismatch", "session_grant_id_mismatch", "auth_login_preferences_missing", "auth_invalid_credentials", "auth_locked", "auth_not_found", "authenticator_not_found", "auth_not_active", "auth_not_registered", "auth_registration_failed", "auth_max_authenticators_count_exceeded", "auth_otp_passcode_expired", "auth_otp_invalid_request_id", "auth_password_expired", "auth_password_temporary", "auth_password_recently_used", "auth_password_policy_disabled", "auth_password_weak", "auth_password_breached", "auth_password_requirements_not_met", "auth_password_already_configured", "auth_password_incomplete_credentials", "auth_password_invalid_reset_token", "auth_totp_transaction_not_initialized_or_expired", "auth_totp_invalid_token", "auth_totp_already_registered", "auth_totp_max_authenticators_attempt_limit_exceeded", "auth_webauthn_invalid_origin_error", "auth_webauthn_origin_not_allowed", "auth_webauthn_invalid_webauthn_config", "auth_webauthn_invalid_encoded_result", "auth_webauthn_invalid_session", "auth_webauthn_invalid_register_cred_token", "auth_webauthn_credential_name_already_exists", "auth_invalid_attestation", "auth_invalid_key_type", "auth_invalid_key_encoding", "auth_key_not_found", "auth_invalid_signature", "auth_invalid_binding_message", "auth_invalid_request_context", "auth_invalid_channel", "auth_device_key_not_found", "auth_push_notification_failed", "auth_authentication_request_not_found", "auth_authentication_request_expired", "auth_authentication_request_denied", "auth_authorization_request_pending", "auth_backchannel_request_not_found", "auth_backchannel_request_expired", "auth_backchannel_request_already_completed", "auth_invalid_redirect_uri", "auth_challenge_mismatch", "auth_request_not_found", "auth_face_already_registered", "auth_invalid_idv_session", "auth_face_selfie_failed_on_liveness_check", "auth_revoke_failed", "external_provider_error", "external_provider_configuration_error", "role_not_found", "role_group_not_found", "organization_not_found", "sso_not_exist", "webhook_not_found", "device_not_found", "device_limit_exceeded"


## Response 401 fields
