This is an optional endpoint for token-based authentication.
An example usecase would be logging in the user by a link sent to their email.
Consider the following specs in designing your token authentication endpoint:
|Signature/Input validation Failed
SSOfy utilizes the HTTP Status code to verify the result.
The response must be of the type Auth Response
and include the
Since the authentication is a step before the authorization, it's a good idea to send SSOfy only the user information
that is required to be displayed on the login page, such as the user's
display name and