Autional Autional
API Reference GitHub autional.com →

POST /auth/ticket/signin

Complete login using a one-time ticket generated in the background; the ticket becomes invalid immediately after verification (single use), returning a JWT token. Suitable for cross-system SSO and admin impersonation scenarios. References: RFC 6749 §1.5.

Authentication None application/json

Request Body

Schema: dto.TicketSigninRequest

FieldTypeRequiredExampleConstraintsDescription
ticket string Yes a1b2c3d4... One-time ticket

Responses

StatusDescriptionSchema
200Login successful, returns JWT tokendto.LoginResponse
400Invalid or expired ticketgitee_com_linmes_authms_base_dto.SimpleResponse
500Internal server errorgitee_com_linmes_authms_base_dto.SimpleResponse

Referenced Schemas

dto.LoginResponse

User login result

FieldTypeRequiredExampleConstraintsDescription
access_token string No eyJhbGciOi... Access token
challenge_token string No chg_abc123... MFA challenge token (short-lived, requires MFA verification)
expires_in integer No 1800 Expiration time
mfa_check_reason string No new_device MFA trigger reason description
must_change_password boolean No False Password must be changed
password_expires_in integer No 30 Days until password expires
password_warning string No expiring Password warning: expiring/expired_grace/expired
refresh_token string No eyJhbGciOi... Refresh token
required_mfa_methods array of

string

No List of recommended MFA methods
requires_mfa boolean No False Adaptive MFA: additional MFA verification required
risk_assessment object No Risk assessment
risk_level string No low Risk level: low/medium/high
token_type string No Bearer Token type
user object No User info
user_id string No User ID (redundant with User.ID for flat access)

dto.RiskAssessmentInfo

FieldTypeRequiredExampleConstraintsDescription
level string No
recommended_mfa_methods array of

string

No
require_mfa boolean No
score integer No

dto.UserInfo

User basic information

FieldTypeRequiredExampleConstraintsDescription
created_at string No 2026-01-15T10:30:00Z Account creation time
email string No john@example.com Email
id string No usr_abc123 User ID
must_change_password boolean No False Password must be changed
password_expires_in integer No 30 Days until password expires
password_warning string No expiring Password warning: expiring/expired_grace/expired
phone string No 13800138000 Phone
status string No active Status
username string No john.doe Username

gitee_com_linmes_authms_base_dto.SimpleResponse

FieldTypeRequiredExampleConstraintsDescription
code integer No
message string No
timestamp string No