POST /sys/v1/session/auth
Authenticate a user or an app to begin a session. The caller needs to provide a basic authentication token or an appropriate request body (see input type). The response body contains a bearer authentication token which needs to be provided by subsequent calls for the duration of the session.
If this is basic auth and the user has MFA devices configured, the response also contains a challenge for the device to sign. Until the signed assertion is passed to POST /sys/v1/session/auth/2fa/fido2 to complete 2FA, the bearer token can't be used for anything else.
Security
HTTP
Type basic
API Key
Header parameter name: Authorization
Body parameters
token_type
string
Valid values: ["Bearer", "Cookie"]
OneOf
object
object
method
string Required
Valid values: ["saml-response"]
id
string | null
response
string Required
object
object
method
string Required
Valid values: ["oauth-auth-code"]
idp_id
string (byte) Required
code
string Required
email
string Required
object
object
method
string Required
Valid values: ["ldap-basic-auth"]
idp_id
string (byte) Required
email
string Required
password
string Required
acct_id
string (uuid) | null
object
object
method
string Required
Valid values: ["auth-by-app-name"]
acct_id
string (uuid) Required
name
string Required
Max length: 4096
Pattern: ^[^\n]*[^\s\n][^\n]*$
password
string Required
object
object
method
string Required
Valid values: ["aws-iam"]
acct_id
string (uuid) Required
region
string Required
headers
object Required
property*
string additionalProperties
object
object
method
string Required
Valid values: ["password"]
email
string (email) Required
password
string Required
recaptcha_response
string | null
Responses
2XX
Success result
object
token_type
string
Valid values: ["Bearer", "Cookie"]
expires_in
integer
Minimum: 0
Maximum: 4294967295
access_token
string
entity_id
string (uuid)
challenge
object
u2f_challenge
string
u2f_keys
Array of object (U2fRegisteredKey)
object
keyHandle
string
version
string
fido2_assertion_options
object
challenge
string (byte)
timeout
integer | null
rpId
string | null
allowCredentials
Array of object | null
object
type
string
Valid values: ["public-key"]
id
string (byte)
transports
Array
OneOf
string
string
Valid values: ["usb", "nfc", "ble", "internal"]
string
string
userVerification
string
Valid values: ["required", "preferred", "discouraged"]
extensions
object
appidExclude
string | null
appid
string | null
example.extension.bool
boolean | null
allowed_mfa_methods
Array
OneOf
MfaAuthMethodVariantFido2
object (MfaAuthMethodVariantFido2)
Fido2
object
challenge
object
challenge
string (byte)
timeout
integer | null
rpId
string | null
allowCredentials
Array of object | null
object
type
string
Valid values: ["public-key"]
id
string (byte)
transports
Array
OneOf
string
string
Valid values: ["usb", "nfc", "ble", "internal"]
string
string
userVerification
string
Valid values: ["required", "preferred", "discouraged"]
extensions
object
appidExclude
string | null
appid
string | null
example.extension.bool
boolean | null
challenge_token
string (byte)
mfa_devices
Array of object (MfaDevice)
object
name
string
Max length: 4096
Pattern: ^[^\n]*[^\s\n][^\n]*$
type
string
Valid values: ["U2f", "Fido2"]
origin
string | null
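
An added example, not part of the original API reference: Python helpers that check a request body against the `method` variants and required fields listed above, and classify a 2XX response so a client never uses the bearer token while 2FA is still pending. The function names, and the rule that any non-empty `challenge`, `fido2_assertion_options` or `allowed_mfa_methods` key signals pending 2FA, are assumptions, because the flattened schema does not show how those fields nest.

```python
import re

# Required fields per "method" variant, as marked "Required" in the request schema above.
REQUIRED = {
    "saml-response": {"response"},
    "oauth-auth-code": {"idp_id", "code", "email"},
    "ldap-basic-auth": {"idp_id", "email", "password"},
    "auth-by-app-name": {"acct_id", "name", "password"},
    "aws-iam": {"acct_id", "region", "headers"},
    "password": {"email", "password"},
}
# Pattern and max length the schema gives for the app "name" field.
NAME_RE = re.compile(r"^[^\n]*[^\s\n][^\n]*$")
NAME_MAX = 4096
# Assumption: any of these keys, present and non-empty, means 2FA is still pending.
MFA_KEYS = ("challenge", "fido2_assertion_options", "allowed_mfa_methods")


def validate_auth_body(body):
    """Return a list of schema problems; an empty list means the body is well-formed."""
    method = body.get("method")
    if method not in REQUIRED:
        return [f"unknown method: {method!r}"]
    problems = []
    for field in sorted(REQUIRED[method]):
        if body.get(field) is None:
            problems.append(f"missing required field: {field}")
    name = body.get("name")
    if method == "auth-by-app-name" and isinstance(name, str):
        # fullmatch rejects names with newlines and names that are only whitespace.
        if len(name) > NAME_MAX or not NAME_RE.fullmatch(name):
            problems.append("name violates pattern or max length")
    token_type = body.get("token_type")
    if token_type is not None and token_type not in ("Bearer", "Cookie"):
        problems.append("token_type must be Bearer or Cookie")
    return problems


def session_state(resp):
    """Classify a parsed 2XX auth response: 'ready', 'mfa_pending' or 'invalid'."""
    if not resp.get("access_token"):
        return "invalid"
    if any(resp.get(key) for key in MFA_KEYS):
        # Token must not be used until POST /sys/v1/session/auth/2fa/fido2 completes 2FA.
        return "mfa_pending"
    return "ready"
```
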