Method: accounts.signInWithEmailLink

HTTP request
Request body
- JSON representation
Response body
- JSON representation
Authorization scopes
Try it!

Signs in or signs up a user with a out-of-band code from an email link. If a user does not exist with the given email address, a user record will be created. If the sign-in succeeds, an Identity Platform ID and refresh token are issued for the authenticated user.

An API key is required in the request in order to identify the Google Cloud project.

HTTP request

POST https://identitytoolkit.googleapis.com/v1/accounts:signInWithEmailLink

The URL uses gRPC Transcoding syntax.

Request body

The request body contains data with the following structure:

JSON representation
{ "oobCode": string, "email": string, "idToken": string, "tenantId": string }

Fields
`oobCode`	`string` Required. The out-of-band code from the email link.
`email`	`string` Required. The email address the sign-in link was sent to. The length of email should be less than 256 characters and in the format of `name@domain.tld`. The email should also match the RFC 822 addr-spec production.
`idToken`	`string` A valid ID token for an Identity Platform account. If passed, this request will link the email address to the user represented by this ID token and enable sign-in with email link on the account for the future.
`tenantId`	`string` The ID of the Identity Platform tenant the user is signing in to. If not set, the user will sign in to the default Identity Platform project.

Response body

Response message for accounts.signInWithEmailLink.

If successful, the response body contains data with the following structure:

JSON representation

JSON representation
{ "kind": string, "idToken": string, "email": string, "refreshToken": string, "expiresIn": string, "localId": string, "isNewUser": boolean, "mfaPendingCredential": string, "mfaInfo": [ { object (`MfaEnrollment`) } ] }

{
  "kind": string,
  "idToken": string,
  "email": string,
  "refreshToken": string,
  "expiresIn": string,
  "localId": string,
  "isNewUser": boolean,
  "mfaPendingCredential": string,
  "mfaInfo": [
    {
      object (MfaEnrollment)
    }
  ]
}

Fields
`kind (deprecated)`	`string` This item is deprecated!
`idToken`	`string` An Identity Platform ID token for the authenticated user.
`email`	`string` The email the user signed in with. Always present in the response.
`refreshToken`	`string` Refresh token for the authenticated user.
`expiresIn`	`string (int64 format)` The number of seconds until the ID token expires.
`localId`	`string` The ID of the authenticated user. Always present in the response.
`isNewUser`	`boolean` Whether the authenticated user was created by this request.
`mfaPendingCredential`	`string` An opaque string that functions as proof that the user has successfully passed the first factor check.
`mfaInfo[]`	`object (MfaEnrollment)` Info on which multi-factor authentication providers are enabled. Present if the user needs to complete the sign-in using multi-factor authentication.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/identitytoolkit
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.