Password Authentication

This endpoint will be used to authenticate users using their login identifier and password.

The identifier can be an email address, phone number, username, or OTP option ID. You can determine the exact type by inspecting the method property.

Consider the following specs in designing your password authentication endpoint:

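URL: anything
Method: POST
Headers: Content-Type, Signature
Format: JSON

| Attribute | Type | Required | Values |
| --- | --- | --- | --- |
| method | enum | Yes | username, email, phone, otp |
| identifier | string | Yes | |
| password | string | No | |
| request_token | boolean | No | |
| ip | string | No | |

| Code | Description |
| --- | --- |
| 200 | Success |
| 401 | Unauthorized |
| 400 | Signature/Input validation Failed |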

SSOfy uses the HTTP status code to verify the result.

The response must be of the type Auth Response and include the user object.

When the request_token parameter is set to true, you must generate a temporary token and include it in the response payload. This parameter is activated when an OTP request is made for an important action such as a "password reset". After the OTP verification is complete, SSOfy sends this token back to your API server in an event, along with any other necessary data, for the finalization step in the process.

This token should be secure enough and valid for a specific length of time. The TTL (time-to-live) for the token should also be included in the request payload. For more information on the token entity, refer to the Token documentation.

📌 Info

Since authentication is a step before authorization, it's a good idea to send SSOfy only the user information that is required to be displayed on the login page, such as the user's display name and profile (optional).
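A sketch of the handler logic behind this spec, added here as an example and not SSOfy's own code: it maps validation failures to 400, failed logins to 401, returns only display-level user data, and issues a temporary token when request_token is true. Assumptions: the response field names (user, token, ttl), the in-memory stores, PBKDF2 as the password hash, and a signature_ok flag computed by the caller, since this page does not define the Signature scheme; the otp method is not covered and is rejected with 400 in this sketch.

```python
import hashlib, hmac, os, secrets, time

TOKEN_TTL = 600  # seconds; assumed lifetime for the temporary token
PASSWORD_METHODS = {"username", "email", "phone"}  # "otp" is not covered here

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

# Constructed sample user store, keyed by (method, identifier).
_SALT = os.urandom(16)
_ALICE = {"id": "1001", "display_name": "Alice", "salt": _SALT,
          "hash": hash_password("correct horse", _SALT)}
USERS = {("username", "alice"): _ALICE, ("email", "alice@example.com"): _ALICE}
_DUMMY = {"salt": os.urandom(16), "hash": bytes(32)}  # used for unknown identifiers
ISSUED_TOKENS = {}  # token -> (user id, expiry timestamp)

def handle_password_auth(body, signature_ok):
    """Return (http_status, payload) for one parsed JSON request body."""
    if not signature_ok or not isinstance(body, dict):
        return 400, {}
    method, identifier = body.get("method"), body.get("identifier")
    password = body.get("password")
    want_token = body.get("request_token", False)
    if (method not in PASSWORD_METHODS
            or not isinstance(identifier, str) or not identifier
            or not isinstance(password, (str, type(None)))
            or not isinstance(want_token, bool)):
        return 400, {}
    user = USERS.get((method, identifier))
    record = user or _DUMMY
    # Always hash, so an unknown identifier costs the same as a wrong password.
    candidate = hash_password(password or "", record["salt"])
    matches = hmac.compare_digest(candidate, record["hash"])
    if user is None or password is None or not matches:
        return 401, {}  # same answer for unknown user and bad password
    # Only what the login page needs to display (hypothetical field names).
    payload = {"user": {"id": user["id"], "display_name": user["display_name"]}}
    if want_token:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        ISSUED_TOKENS[token] = (user["id"], time.time() + TOKEN_TTL)
        payload.update(token=token, ttl=TOKEN_TTL)
    return 200, payload
```
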

SSOfy is by Cubelet Ltd.
Copyright © 2024 Cubelet Ltd. All rights reserved.