Signs in or signs up a user with a out-of-band code from an email link. If a user does not exist with the given email address, a user record will be created. If the sign-in succeeds, an Identity Platform ID and refresh token are issued for the authenticated user.
An API key is required in the request in order to identify the Google Cloud project.
HTTP request
POST https://identitytoolkit.googleapis.com/v1/accounts:signInWithEmailLink
The URL uses gRPC Transcoding syntax.
Request body
The request body contains data with the following structure:
JSON representation |
---|
{ "oobCode": string, "email": string, "idToken": string, "tenantId": string } |
Fields | |
---|---|
oobCode |
Required. The out-of-band code from the email link. |
email |
Required. The email address the sign-in link was sent to. The length of email should be less than 256 characters and in the format of |
idToken |
A valid ID token for an Identity Platform account. If passed, this request will link the email address to the user represented by this ID token and enable sign-in with email link on the account for the future. |
tenantId |
The ID of the Identity Platform tenant the user is signing in to. If not set, the user will sign in to the default Identity Platform project. |
Response body
Response message for accounts.signInWithEmailLink.
If successful, the response body contains data with the following structure:
JSON representation |
---|
{
"kind": string,
"idToken": string,
"email": string,
"refreshToken": string,
"expiresIn": string,
"localId": string,
"isNewUser": boolean,
"mfaPendingCredential": string,
"mfaInfo": [
{
object ( |
Fields | |
---|---|
kind |
|
idToken |
An Identity Platform ID token for the authenticated user. |
email |
The email the user signed in with. Always present in the response. |
refreshToken |
Refresh token for the authenticated user. |
expiresIn |
The number of seconds until the ID token expires. |
localId |
The ID of the authenticated user. Always present in the response. |
isNewUser |
Whether the authenticated user was created by this request. |
mfaPendingCredential |
An opaque string that functions as proof that the user has successfully passed the first factor check. |
mfaInfo[] |
Info on which multi-factor authentication providers are enabled. Present if the user needs to complete the sign-in using multi-factor authentication. |
Authorization scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/identitytoolkit
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.