Autional API Reference

POST /auth/id-token/signin

Signs a user in with an ID token issued by an external OIDC provider, for cross-system SSO login. The server verifies the id_token and returns a local JWT token.

Authentication: None
Content-Type: application/json

Request Body

| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| id_token | string | No | | | |
| provider | string | No | | | |

Responses

| Status | Description | Schema |
|---|---|---|
| 200 | Login successful | dto.LoginResponse |

Referenced Schemas

dto.LoginResponse

User login result

| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| access_token | string | No | eyJhbGciOi... | | Access token |
| challenge_token | string | No | chg_abc123... | | MFA challenge token (short-lived, requires MFA verification) |
| expires_in | integer | No | 1800 | | Expiration time |
| mfa_check_reason | string | No | new_device | | MFA trigger reason description |
| must_change_password | boolean | No | False | | Password must be changed |
| password_expires_in | integer | No | 30 | | Days until password expires |
| password_warning | string | No | expiring | | Password warning: expiring/expired_grace/expired |
| refresh_token | string | No | eyJhbGciOi... | | Refresh token |
| required_mfa_methods | array of string | No | | | List of recommended MFA methods |
| requires_mfa | boolean | No | False | | Adaptive MFA: additional MFA verification required |
| risk_assessment | object | No | | | Risk assessment |
| risk_level | string | No | low | | Risk level: low/medium/high |
| token_type | string | No | Bearer | | Token type |
| user | object | No | | | User info |
| user_id | string | No | | | User ID (redundant with User.ID for flat access) |
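Because every field in dto.LoginResponse is optional, a 200 response does not by itself mean a session was issued. The following is an added example, not code from the Autional project, of a client classifying the response body before it stores anything; the `NextStep` function, its step names, and the treatment of MFA-pending and expired-password responses are assumptions made for this example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// LoginResponse mirrors the dto.LoginResponse fields used here.
type LoginResponse struct {
	AccessToken        string   `json:"access_token"`
	ChallengeToken     string   `json:"challenge_token"`
	RequiresMFA        bool     `json:"requires_mfa"`
	RequiredMFAMethods []string `json:"required_mfa_methods"`
	MustChangePassword bool     `json:"must_change_password"`
	PasswordWarning    string   `json:"password_warning"`
}

// NextStep returns "mfa", "change_password" or "session" (hypothetical names).
func NextStep(body []byte) (string, *LoginResponse, error) {
	var r LoginResponse
	if err := json.Unmarshal(body, &r); err != nil {
		return "", nil, fmt.Errorf("decode login response: %w", err)
	}
	switch {
	case r.RequiresMFA:
		if r.ChallengeToken == "" {
			return "", nil, errors.New("requires_mfa set but challenge_token missing")
		}
		// Assumption: nothing in an MFA-pending response is a usable session.
		r.AccessToken = ""
		return "mfa", &r, nil
	case r.AccessToken == "":
		return "", nil, errors.New("response carries no access_token")
	case r.MustChangePassword || r.PasswordWarning == "expired":
		// Assumption: an expired password is handled like must_change_password.
		return "change_password", &r, nil
	}
	return "session", &r, nil
}

func main() {
	// Constructed sample body, not captured from a real server.
	step, _, err := NextStep([]byte(`{"requires_mfa":true,"challenge_token":"chg_sample"}`))
	fmt.Println(step, err)
}
```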

dto.RiskAssessmentInfo

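| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| level | string | No | | | |
| recommended_mfa_methods | array of string | No | | | |
| require_mfa | boolean | No | | | |
| score | integer | No | | | |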

dto.UserInfo

User basic information

| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| created_at | string | No | 2026-01-15T10:30:00Z | | Account creation time |
| email | string | No | john@example.com | | Email |
| id | string | No | usr_abc123 | | User ID |
| must_change_password | boolean | No | False | | Password must be changed |
| password_expires_in | integer | No | 30 | | Days until password expires |
| password_warning | string | No | expiring | | Password warning: expiring/expired_grace/expired |
| phone | string | No | 13800138000 | | Phone |
| status | string | No | active | | Status |
| username | string | No | john.doe | | Username |