GenAuth DocsDocuments
Concepts
User Guide
Development Integration
AgentAuth
Metadata
Development Integration
Multi-tenant (beta)
Console Documentation
Multi-tenant Console
Tenant Console
Saas Application Demo
Concepts
User Guide
Development Integration
AgentAuth
Metadata
Development Integration
Multi-tenant (beta)
Console Documentation
Multi-tenant Console
Tenant Console
Saas Application Demo
Old version
Development Integration

  • API

  • SDK

    • Java

      • Installation and use

      • User authentication module

        • Login

          • Account password login
          • Username password login
          • Mobile phone number password login
          • Email password login
          • Login by email verification code
          • Login by mobile phone verification code
          • LDAP account login
          • AD account login
          • Generate login address
          • Login with user credentials
          • Login with mobile social networking
          • Get Alipay AuthInfo
          • Generate a QR code for login
          • Query QR code status
          • Use QR code ticket to exchange for TokenSet
          • Self-built APP scan code login: APP end modifies QR code status

        • Logout

        • Manage Token

        • Register

        • User information

        • Account Binding

        • MFA Factor Management

        • User-related resources

        • Message service

        • Authentication

        • Others

        • OIDC module
        • OAuth module
        • SAML module
        • CAS module
        • Events

      • Management module

    • Node.js

    • Python

  • Error Codes
  1. Development Integration
  2. /
  3. SDK
  4. /
  5. Java
  6. /

  7. User authentication module

  8. /

  9. Login

  10. /
  11. Account password login

¶ Use account (mobile phone number/email/user name) + password to log in

Update time: 2025-07-23 07:34:21
Edit

Use account (mobile phone number/email/user name) + password to log in, mobile phone number, email address, and username can be matched at will.

¶ Request Parameters

NameType
Required
Default value
Description
Sample value
accountStringYes-Phone number or username or emailtest
passwordStringYes-User password, not encrypted by default. All GenAuth APIs transmit passwords securely via the HTTPS protocol, which can ensure security to a certain extent. If you need a higher level of security, we also support RSA256 and the national secret SM2 password encryption methods. For details, see the optional parameter options.passwordEncryptType.passw0rd
optionsSignInOptionsDtoNo-Optional parameters{"passwordEncryptType":"none"}

¶ Sample Code

import cn.authing.sdk.java.client.AuthenticationClient;
import cn.authing.sdk.java.dto.LoginTokenRespDto;
import cn.authing.sdk.java.dto.SignInByPasswordPayloadDto;
import cn.authing.sdk.java.dto.SignInOptionsDto;
import cn.authing.sdk.java.dto.SigninByCredentialsDto;
import cn.authing.sdk.java.enums.AuthMethodEnum;
import cn.authing.sdk.java.model.AuthenticationClientOptions;
import cn.authing.sdk.java.util.JsonUtils;

public class SignInByAccountPasswordTest {
    // Need to be replaced with your GenAuth App ID
    private static final String APP_ID = "AUTHING_APP_ID";
    // Need to be replaced with your GenAuth App Secret
    private static final String APP_SECRET = "AUTHING_APP_SECRET";
    // Need to be replaced with your GenAuth App Host
    private static final String APP_HOST = "AUTHING_APP_HOST";

    public static void main(String[] args) throws Throwable {
        AuthenticationClientOptions clientOptions = new AuthenticationClientOptions();
        clientOptions.setAppId(APP_ID);
        clientOptions.setAppSecret(APP_SECRET);
        clientOptions.setAppHost(APP_HOST);

        AuthenticationClient client = new AuthenticationClient(clientOptions);

        LoginTokenRespDto response = client.signInByAccountPassword(
                "test",
                "test",
                new SignInOptionsDto());
        System.out.println(JsonUtils.serialize(response));
    }
}

¶ Request Response

Type: LoginTokenRespDto

NameTypeDescription
statusCodenumberBusiness status code, which can be used to determine whether the operation is successful. 200 means success.
messagestringDescription
apiCodenumberSegmented error code, which can be used to get the specific error type.
requestIdstringRequest ID. Returned when the request fails.
dataLoginTokenResponseDataDtoResponse data

Example Results:

{
  "statusCode": 200,
  "message": "Operation successful",
  "requestId": "934108e5-9fbf-4d24-8da1-c330328abd6c",
  "data": {
    "scope": "openid profile",
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3gwdmJpNmlfS2MifQ.eyJqdGkiOiJ4R01uczd5cmNFckxiakNRVW9US1MiLCJzdWIiOiI1YzlmNzVjN2NjZjg3YjA1YTkyMWU5YjAiLCJpc3MiOiJodHRwczovL2F1dGhpbmcuY24iLCJpYXQiOjE1NTQ1Mzc4NjksImV4cCI6MTU1NDU0MTQ2OSwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBvZmZsaW5lX2FjY2VzcyBwaG9uZSBlbWFpbCIsImF1ZCI6IjVjYTc2NWUzOTMxOTRkNTg5MWRiMTkyNyJ9.wX05OAgYuXeYM7zCxhrkvTO_taqxrCTG_L2ImDmQjMml6E3GXjYA9EFK0NfWquUI2mdSMAqohX-ndffN0fa5cChdcMJEm3XS9tt6-_zzhoOojK-q9MHF7huZg4O1587xhSofxs-KS7BeYxEHKn_10tAkjEIo9QtYUE7zD7JXwGUsvfMMjOqEVW6KuY3ZOmIq_ncKlB4jvbdrduxy1pbky_kvzHWlE9El_N5qveQXyuvNZVMSIEpw8_y5iSxPxKfrVwGY7hBaF40Oph-d2PO7AzKvxEVMamzLvMGBMaRAP_WttBPAUSqTU5uMXwMafryhGdIcQVsDPcGNgMX6E1jzLA",
    "id_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3gwdmJpNmlfS2MifQ.eyJzdWIiOiI1YzlmNzVjN2NjZjg3YjA1YTkyMWU5YjAiLCJub25jZSI6IjIyMTIxIiwiYXRfaGFzaCI6Ik5kbW9iZVBZOEFFaWQ2T216MzIyOXciLCJzaWQiOiI1ODM2NzllNC1lYWM5LTRjNDEtOGQxMS1jZWFkMmE5OWQzZWIiLCJhdWQiOiI1Y2E3NjVlMzkzMTk0ZDU4OTFkYjE5MjciLCJleHAiOjE1NTQ1NDE0NjksImlhdCI6MTU1NDUzNzg2OSwiaXNzIjoiaHR0cHM6Ly9hdXRoaW5nLmNuIn0.IQi5FRHO756e_eAmdAs3OnFMU7QuP-XtrbwCZC1gJntevYJTltEg1CLkG7eVhdi_g5MJV1c0pNZ_xHmwS0R-E4lAXcc1QveYKptnMroKpBWs5mXwoOiqbrjKEmLMaPgRzCOdLiSdoZuQNw_z-gVhFiMNxI055TyFJdXTNtExt1O3KmwqanPNUi6XyW43bUl29v_kAvKgiOB28f3I0fB4EsiZjxp1uxHQBaDeBMSPaRVWQJcIjAJ9JLgkaDt1j7HZ2a1daWZ4HPzifDuDfi6_Ob1ZL40tWEC7xdxHlCEWJ4pUIsDjvScdQsez9aV_xMwumw3X4tgUIxFOCNVEvr73Fg",
    "refresh_token": "WPsGJbvpBjqXz6IJIr1UHKyrdVF",
    "token_type": "xxx",
    "expire_in": 7200
  }
}

¶ Data Structure

¶ SignInOptionsDto

NameType
Is it required
Description
Example Value
scopestringnoThe permissions that need to be requested, must include openid. If you need to obtain the mobile phone number and email, you need to include phone email; if you need refresh_token, you need to include offline_access. Please separate multiple scopes with spaces. The decoded content of id_token will contain the user information related fields corresponding to these scopes.
- openid: Must be included.
- profile: Returns birthdate, family_name, gender, given_name, locale, middle_name, name, nickname, picture, preferred_username, profile, updated_at, website, zoneinfo fields.
- username: Returns username.
- email: Returns email, email_verified.
- phone: Returns phone_number, phone_number_verified.
- offline_access: If this parameter exists, the token interface will return the refresh_token field.
- roles: Returns the user's role list.
- external_id: The user ID of the original system.
- extended_fields: Returns the user's extended field information, the content is an object, the key is the extended field name, and the value is the extended field value.
- tenant_id: Returns the user's tenant ID.
openid profile
clientIpstringNoThe real IP address of the client. By default, GenAuth will identify the IP address of the request source as the IP address of the user's login. If you call this interface in the backend server, you need to set this IP to the user's real request IP.192.168.0.1
contextstringnoAdditional request context that will be passed to the context object of the Pipeline (opens new window) before and after authentication. Learn how to get additional context passed in the context parameter of the Pipeline (opens new window).{"source":"utm"}
tenantIdstringnoTenant ID625783d629f2bd1f5ddddd98c
customDataobjectNoTo set additional user custom data, you need to configure custom data (opens new window) in the GenAuth console first.{"school":"pku","age":"20"}
autoRegisterbooleannoWhether to enable automatic registration. If set to true, when the user does not exist, an account will be automatically created for him.
captchaCodestringNoCaptcha Graphic verification code, case insensitive. When the security policy is set to verification code and the limit on failed logins is triggered, you will need to fill in the graphic verification code for the next login.a8nz
passwordEncryptTypestringNoPassword encryption type, supports sm2 and rsa. No encryption is allowed by default.
- none: Do not encrypt the password and transmit it in plain text.
- rsa: Use the RSA256 algorithm to encrypt the password. You need to use the RSA public key of the GenAuth service for encryption. Please read the Introduction section to learn how to obtain the RSA256 public key of the GenAuth service.
- sm2: Use the National Secret SM2 Algorithm (opens new window) to encrypt the password. You need to use the SM2 public key of the GenAuth service for encryption. Please read the Introduction section to learn how to obtain the SM2 public key of the GenAuth service.
sm2

¶ LoginTokenResponseDataDto

NameType
Is it required?
Description
Sample value
scopestringNoScope corresponding to access_tokenopenid profile
access_tokenstringNoAPI call credentials, authorized to access resources API within a limited timeeyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3 gwdmJpNmlfS2MifQ.eyJqdGkiOiJ4R01uczd5cmNFckxiakNRVW9US1MiLCJzdWIiOiI1YzlmNzVjN2NjZjg3YjA1YTk yMWU5YjAiLCJpc3MiOiJodHRwczovL2F1dGhpbmcuY24iLCJpYXQiOjE1NTQ1Mzc4NjksImV4cCI6MTU1NDU0MTQ2OS wic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBvZmZsaW5lX2FjY2VzcyBwaG9uZSBlbWFpbCIsImF1ZCI6IjVjYTc2NWUzOT MxOTRkNTg5MWRiMTkyNyJ9.wX05OAgYuXeYM7zCxhrkvTO_taqxrCTG_L2ImDmQjMml6E3GXjYA9EFK0NfWquUI2mdS MAqohX-ndffN0fa5cChdcMJEm3XS9tt6-_zzhoOojK-q9MHF7huZg4O1587xhSofxs-KS7BeYxEHKn_10tAkjEIo9QtY UE7zD7JXwGUsvfMMjOqEVW6KuY3ZOmIq_ncKlB4jvbdrduxy1pbky_kvzHWlE9El_N5qveQXyuvNZVMSIEpw8_y5iSxPxKfrVwGY7hBaF40Oph-d2PO7AzKvxEVMamzLvMGBMaRAP_WttBPAUSqTU5uMXwMafryhGdIcQVsDPcGNgMX6E1jzLA
id_tokenstringNoUser's identity credentials, which will contain user information after parsingeyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3gw dmJpNmlfS2MifQ.eyJzdWIiOiI1YzlmNzVjN2NjZjg3YjA1YTkyMWU5YjAiLCJub25jZSI6IjIyMTIxIiwiYXRfaGFzaCI 6Ik5kbW9iZVBZOEFFaWQ2T216MzIyOXciLCJzaWQiOiI1ODM2NzllNC1lYWM5LTRjNDEtOGQxMS1jZWFkMmE5OWQzZWIiL CJhdWQiOiI1Y2E3NjVlMzkzMTk0ZDU4OTFkYjE5MjciLCJleHAiOjE1NTQ1NDE0NjksImlhdCI6MTU1NDUzNzg2OSwiaXN zIjoiaHR0cHM6Ly9hdXRoaW5nLmNuIn0.IQi5FRHO756e_eAmdAs3OnFMU7QuP-XtrbwCZC1gJntevYJTltEg1CLkG7eVh di_g5MJV1c0pNZ_xHmwS0R-E4lAXcc1QveYKptnMroKpBWs5mXwoOiqbrjKEmLMaPgRzCOdLiSdoZuQNw_z-gVhFiMNxI0 55TyFJdXTNtExt1O3KmwqanPNUi6XyW43bUl29v_kAvKgiOB28f3I0fB4EsiZjxp1uxHQBaDeBMSPaRVWQJcIjAJ9JLgka Dt1j7HZ2a1daWZ4HPzifDuDfi6_Ob1ZL40tWEC7xdxHlCEWJ4pUIsDjvScdQsez9aV_xMwumw3X4tgUIxFOCNVEvr73Fg
refresh_tokenstringnorefresh_token is used to obtain a new AccessTokenWPsGJbvpBjqXz6IJIr1UHKyrdVF
token_typestringyestoken typexxx
expire_innumberyesexpiration time in seconds7200
Previous article: Installation and use Next article: Username password login
  • Request Parameters
  • Sample Code
  • Request Response
  • Data Structure

User identity management

Integrated third-party login
Customized authentication process

Enterprise internal management

Single sign-on
Multi-factor authentication
Permission management

Developer

Development Documentation
GitHub (opens new window)

Company

official@genauth.ai
16th Floor, Building B, Beichen Century Center, Chaoyang District, Beijing (Total)
Room 406, 4th Floor, Block B, No. 200, Tianfu Fifth Street, High-tech Zone, Chengdu (Branch)

© Beijing Steamory Technology Co., Ltd.