Signs in or signs up a user by exchanging a custom Auth token. Upon a successful sign-in or sign-up, a new Identity Platform ID token and refresh token are issued for the user.
An API key is required in the request in order to identify the Google Cloud project.
HTTP request
POST https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken
The URL uses gRPC Transcoding syntax.
Request body
The request body contains data with the following structure:
| JSON representation |
|---|
{ "token": string, "instanceId": string, "returnSecureToken": boolean, "delegatedProjectNumber": string, "tenantId": string } |
| Fields | |
|---|---|
token |
Required. The custom Auth token asserted by the developer. The token should be a JSON Web Token (JWT) that includes the claims listed in the API reference under the "Custom Token Claims" section. |
instanceId |
|
return |
Should always be true. |
delegatedProjectNumber |
|
tenant |
The ID of the Identity Platform tenant the user is signing in to. If present, the ID should match the tenantId in the token. |
Response body
Response message for accounts.signInWithCustomToken.
If successful, the response body contains data with the following structure:
| JSON representation |
|---|
{ "kind": string, "idToken": string, "refreshToken": string, "expiresIn": string, "isNewUser": boolean } |
| Fields | |
|---|---|
kind |
|
id |
An Identity Platform ID token for the authenticated user. |
refresh |
An Identity Platform refresh token for the authenticated user. |
expires |
The number of seconds until the ID token expires. |
is |
Whether the authenticated user was created by this request. |
Authorization scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/identitytoolkithttps://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.