This endpoint will be used to authenticate users using their login identifier and password.
identifier can be an email address, phone number, username, or otp option id.
You can determine the exact type by inspecting the
Consider the following specs in designing your password authentication endpoint:
|username, email, phone, otp
|Signature/Input validation Failed
SSOfy utilizes the HTTP Status code to verify the result.
The response must be of the type Auth Response
and include the
request_token parameter is set to
true, you must generate a temporary token and include it in the
response payload. This parameter is activated when an OTP request is made for an important action such as
a "password reset".
After the OTP verification is complete, SSOfy sends this token back to your API server in event,
along with any other necessary data, for the finalization step in the process.
This token should be secure enough and valid for a specific length of time. The TTL (time-to-live) for the token should also be included in the request payload. For more information on the token entity, refer to the Token documentation.
Since the authentication is a step before the authorization, it's a good idea to send SSOfy only the user information
that is required to be displayed on the login page, such as the user's
display name and