Method: accounts.signInWithPassword

Signs in a user with email and password. If the sign-in succeeds, a new Identity Platform ID token and refresh token are issued for the authenticated user.

An API key is required in the request in order to identify the Google Cloud project.

HTTP request

POST https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword

The URL uses gRPC Transcoding syntax.

Request body

The request body contains data with the following structure:

JSON representation
{
  "email": string,
  "password": string,
  "captchaResponse": string,
  "idToken": string,
  "returnSecureToken": boolean,
  "tenantId": string
}
Fields
email

string

Required. The email the user is signing in with. The length of email should be less than 256 characters and in the format of name@domain.tld. The email should also match the RFC 822 addr-spec production.

password

string

Required. The password the user provides to sign in to the account.

captchaResponse

string

The response from a reCaptcha challenge. A recaptcha response is required when the service detects possible abuse activity.

idToken

string

A valid ID token for an Identity Platform account. If set, this request will link the authentication credential to the user represented by this ID token.

returnSecureToken

boolean

Should always be true.

tenantId

string

The ID of the Identity Platform tenant the user is signing in to. If not set, the user will sign in to the default Identity Platform instance in the project.

Response body

If successful, the response body contains data with the following structure:

Response message for accounts.signInWithPassword.

JSON representation
{
  "localId": string,
  "email": string,
  "displayName": string,
  "idToken": string,
  "profilePicture": string,
  "refreshToken": string,
  "expiresIn": string
}
Fields
localId

string

The ID of the authenticated user. Always present in the response.

email

string

The email of the authenticated user. Always present in the response.

displayName

string

The user's display name stored in the account's attributes.

idToken

string

An Identity Platform ID token for the authenticated user.

profilePicture

string

The user's profile picture stored in the account's attributes.

refreshToken

string

An Identity Platform refresh token for the authenticated user.

expiresIn

string (int64 format)

The number of seconds until the Identity Platform ID token expires.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.