Method: accounts.signInWithPassword

HTTP request
Request body
- JSON representation
Response body
- JSON representation
Authorization Scopes
Try it!

Signs in a user with email and password. If the sign-in succeeds, a new Identity Platform ID token and refresh token are issued for the authenticated user.

An API key is required in the request in order to identify the Google Cloud project.

HTTP request

POST https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword

The URL uses gRPC Transcoding syntax.

Request body

The request body contains data with the following structure:

JSON representation
{ "email": string, "password": string, "captchaResponse": string, "idToken": string, "returnSecureToken": boolean, "tenantId": string }

Fields
`email`	`string` Required. The email the user is signing in with. The length of email should be less than 256 characters and in the format of `name@domain.tld`. The email should also match the RFC 822 addr-spec production.
`password`	`string` Required. The password the user provides to sign in to the account.
`captchaResponse`	`string` The response from a reCaptcha challenge. A recaptcha response is required when the service detects possible abuse activity.
`idToken (deprecated)`	`string`
`returnSecureToken`	`boolean` Should always be true.
`tenantId`	`string` The ID of the Identity Platform tenant the user is signing in to. If not set, the user will sign in to the default Identity Platform instance in the project.

Response body

If successful, the response body contains data with the following structure:

Response message for accounts.signInWithPassword.

JSON representation

JSON representation
{ "localId": string, "email": string, "displayName": string, "idToken": string, "profilePicture": string, "refreshToken": string, "expiresIn": string, "mfaPendingCredential": string, "mfaInfo": [ { object (`MfaEnrollment`) } ] }

{
  "localId": string,
  "email": string,
  "displayName": string,
  "idToken": string,
  "profilePicture": string,
  "refreshToken": string,
  "expiresIn": string,
  "mfaPendingCredential": string,
  "mfaInfo": [
    {
      object (MfaEnrollment)
    }
  ]
}

Fields
`localId`	`string` The ID of the authenticated user. Always present in the response.
`email`	`string` The email of the authenticated user. Always present in the response.
`displayName`	`string` The user's display name stored in the account's attributes.
`idToken`	`string` An Identity Platform ID token for the authenticated user.
`profilePicture`	`string` The user's profile picture stored in the account's attributes.
`refreshToken`	`string` An Identity Platform refresh token for the authenticated user.
`expiresIn`	`string (int64 format)` The number of seconds until the Identity Platform ID token expires.
`mfaPendingCredential`	`string` An opaque string that functions as proof that the user has successfully passed the first factor authentication.
`mfaInfo[]`	`object (MfaEnrollment)` Info on which multi-factor authentication providers are enabled for the account. Present if the user needs to complete the sign-in using multi-factor authentication.

Authorization Scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/identitytoolkit
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.