Method: accounts.signInWithCustomToken

Signs in or signs up a user by exchanging a custom Auth token. Upon a successful sign-in or sign-up, a new Identity Platform ID token and refresh token are issued for the user.

An API key is required in the request in order to identify the Google Cloud project.

HTTP request

POST https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken

The URL uses gRPC Transcoding syntax.

Request body

The request body contains data with the following structure:

JSON representation
{
  "token": string,
  "returnSecureToken": boolean,
  "tenantId": string
}
Fields
token

string

Required. The custom Auth token asserted by the developer. The token should be a JSON Web Token (JWT) that includes the claims listed in the API reference under the "Custom Token Claims" section.

returnSecureToken

boolean

Should always be true.

tenantId

string

The ID of the Identity Platform tenant the user is signing in to. If present, the ID should match the tenantId in the token.

Response body

If successful, the response body contains data with the following structure:

Response message for accounts.signInWithCustomToken.

JSON representation
{
  "idToken": string,
  "refreshToken": string,
  "expiresIn": string,
  "isNewUser": boolean
}
Fields
idToken

string

An Identity Platform ID token for the authenticated user.

refreshToken

string

An Identity Platform refresh token for the authenticated user.

expiresIn

string (int64 format)

The number of seconds until the ID token expires.

isNewUser

boolean

Whether the authenticated user was created by this request.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.