/auth/id-token/signinUse ID Token issued by an external OIDC Provider for cross-system SSO login. Verify id_token and return local JWT token.
| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
id_token |
string |
No | |||
provider |
string |
No |
| Status | Description | Schema |
|---|---|---|
| 200 | Login successful | dto.LoginResponse |
User login result
| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
access_token |
string |
No | eyJhbGciOi... |
Access token | |
challenge_token |
string |
No | chg_abc123... |
MFA challenge token (short-lived, requires MFA verification) | |
expires_in |
integer |
No | 1800 |
Expiration time | |
mfa_check_reason |
string |
No | new_device |
MFA trigger reason description | |
must_change_password |
boolean |
No | False |
Password must be changed | |
password_expires_in |
integer |
No | 30 |
Days until password expires | |
password_warning |
string |
No | expiring |
Password warning: expiring/expired_grace/expired | |
refresh_token |
string |
No | eyJhbGciOi... |
Refresh token | |
required_mfa_methods |
array of string |
No | List of recommended MFA methods | ||
requires_mfa |
boolean |
No | False |
Adaptive MFA: additional MFA verification required | |
risk_assessment |
object |
No | Risk assessment | ||
risk_level |
string |
No | low |
Risk level: low/medium/high | |
token_type |
string |
No | Bearer |
Token type | |
user |
object |
No | User info | ||
user_id |
string |
No | User ID (redundant with User.ID for flat access) |
| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
level |
string |
No | |||
recommended_mfa_methods |
array of string |
No | |||
require_mfa |
boolean |
No | |||
score |
integer |
No |
User basic information
| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
created_at |
string |
No | 2026-01-15T10:30:00Z |
Account creation time | |
email |
string |
No | john@example.com |
||
id |
string |
No | usr_abc123 |
User ID | |
must_change_password |
boolean |
No | False |
Password must be changed | |
password_expires_in |
integer |
No | 30 |
Days until password expires | |
password_warning |
string |
No | expiring |
Password warning: expiring/expired_grace/expired | |
phone |
string |
No | 13800138000 |
Phone | |
status |
string |
No | active |
Status | |
username |
string |
No | john.doe |
Username |