This endpoint authenticates a user with a login identifier and a password. The identifier can be an email address, phone number, username, or OTP option id; the method attribute tells you which type SSOfy sent, so your endpoint should look the identifier up in the matching field rather than guessing its type from its shape.
Consider the following specs in designing your password authentication endpoint:
Property | Value |
---|---|
URL | any URL of your choosing |
Method | POST |
Headers | Content-Type, Signature |
Format | JSON |
Attribute | Type | Required | Values |
---|---|---|---|
method | enum | Yes | username, email, phone, otp |
identifier | string | Yes | |
password | string | No | |
request_token | boolean | No | |
ip | string | No | |
Code | Description |
---|---|
200 | Success |
401 | Unauthorized |
400 | Signature or input validation failed |
SSOfy relies on the HTTP status code to determine the result, so a failed login must be answered with 401 rather than a 200 carrying an error body. A successful response must be of the type Auth Response and must include the user object.
When the request_token parameter is set to true, you must generate a temporary token and include it in the response payload. SSOfy sets this parameter when an OTP is requested for a sensitive action such as a "password reset". Once the OTP verification is complete, SSOfy sends the token back to your API server in an event, along with any other data needed to finalize the action.
The token must be unpredictable, so generate it from a cryptographically secure random source, and it must be valid only for a limited period; include its TTL (time-to-live) alongside the token in the response payload. Because whoever presents the token gets to finalize the action, bind it to the user it was issued for, reject it once expired, and treat it as single-use. For the structure of the token entity, refer to the Token documentation.
Since authentication happens before authorization, send SSOfy only the user information needed to render the login page, such as the user's display name and, optionally, profile, and nothing it does not need, such as credential material or internal role data.
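The following is an added, framework-agnostic example of an endpoint that meets the specification above; it is not SSOfy's code or a reference implementation from its documentation. It assumes a signature scheme (hex HMAC-SHA256 over the raw body with a shared secret), a token entity shaped as {"key", "ttl"}, and that a password-less request is accepted only in the OTP-driven flow that asks for a temporary token; all three are assumptions for illustration, and the user store, salt, and secret are constructed sample data.

```python
import hashlib
import hmac
import json
import secrets
import time

# ASSUMPTION: the Signature header is a hex HMAC-SHA256 over the raw request
# body under a secret shared with SSOfy. SSOfy's real signing scheme is
# documented separately; replace _valid_signature() with it.
SHARED_SECRET = b"example-shared-secret"
VALID_METHODS = ("username", "email", "phone", "otp")
TOKEN_TTL_SECONDS = 600  # assumed lifetime of the temporary token

_SALT = b"constructed-salt"  # single salt for the sample store; use per-user salts in production


def _hash_password(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


# Constructed user store: one user, reachable through every identifier type.
USERS = [{
    "id": "u-1",
    "username": "alice",
    "email": "alice@example.com",
    "phone": "+15550100",
    "otp": "otp-opt-1",  # constructed OTP option id
    "display_name": "Alice",
    "profile": None,
    "password_hash": _hash_password("correct horse"),
}]
_DUMMY_HASH = _hash_password("")  # compared against when the identifier is unknown
ISSUED_TOKENS = {}  # token key -> (user id, expiry timestamp)


def sign(body):
    return hmac.new(SHARED_SECRET, body, hashlib.sha256).hexdigest()


def signed_headers(body):
    """Headers SSOfy would send under the assumed scheme (handy for tests)."""
    return {"Content-Type": "application/json", "Signature": sign(body)}


def _valid_signature(headers, body):
    presented = headers.get("Signature", "").encode()
    return hmac.compare_digest(presented, sign(body).encode())


def _public_user(user):
    # Only what the login page needs: no email, phone, or credential material.
    return {"id": user["id"], "display_name": user["display_name"], "profile": user["profile"]}


def issue_token(user_id, now=None):
    now = time.time() if now is None else now
    key = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    ISSUED_TOKENS[key] = (user_id, now + TOKEN_TTL_SECONDS)
    return {"key": key, "ttl": TOKEN_TTL_SECONDS}  # field names are an assumption


def redeem_token(key, now=None):
    """Single-use lookup for the finalization event; None if unknown or expired."""
    now = time.time() if now is None else now
    user_id, expires_at = ISSUED_TOKENS.pop(key, (None, 0))
    return user_id if user_id is not None and now < expires_at else None


def handle_auth(headers, body):
    """Return (http_status, response_body) for a POST to the auth endpoint."""
    if not headers.get("Content-Type", "").startswith("application/json"):
        return 400, {"error": "unexpected content type"}
    if not _valid_signature(headers, body):
        return 400, {"error": "signature validation failed"}
    try:
        req = json.loads(body)
        if not isinstance(req, dict):
            raise ValueError("body must be a JSON object")
    except ValueError:
        return 400, {"error": "body is not a JSON object"}
    method, identifier = req.get("method"), req.get("identifier")
    password, request_token = req.get("password"), req.get("request_token", False)
    if (method not in VALID_METHODS or not isinstance(identifier, str) or not identifier
            or not isinstance(request_token, bool)
            or (password is not None and not isinstance(password, str))):
        return 400, {"error": "input validation failed"}

    user = next((u for u in USERS if u[method] == identifier), None)
    if password is None:
        # ASSUMPTION: a password-less request is only accepted in the OTP-driven
        # flow, i.e. when SSOfy is asking for a temporary token.
        if not request_token or user is None:
            return 401, {"error": "unauthorized"}
    else:
        # Hash and compare even for unknown users so response timing does not
        # reveal whether the identifier exists.
        expected = user["password_hash"] if user else _DUMMY_HASH
        if not hmac.compare_digest(_hash_password(password), expected) or user is None:
            return 401, {"error": "unauthorized"}

    response = {"user": _public_user(user)}
    if request_token:
        response["token"] = issue_token(user["id"])
    return 200, response
```

The status codes follow the table above: any signature, content-type, or schema problem is a 400, a bad or missing credential is a 401 with no hint about whether the identifier exists, and only a 200 carries the user object (and the token, when one was requested). redeem_token is the part your event handler would call when SSOfy sends the token back; it enforces both the TTL and single use.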