GenAuth DocsDocuments
Concepts
User Guide
Development Integration
AgentAuth
Metadata
Development Integration
Multi-tenant (beta)
Console Documentation
Multi-tenant Console
Tenant Console
Saas Application Demo
Concepts
User Guide
Development Integration
AgentAuth
Metadata
Development Integration
Multi-tenant (beta)
Console Documentation
Multi-tenant Console
Tenant Console
Saas Application Demo
Old version
Development Integration

  • API

  • SDK

    • Java

    • Node.js

    • Python

      • Installation and Usage

      • Authentication Module

        • Login

          • Login with Account Password
          • Login with Username Password
          • Login with Phone Password
          • Login with Email Password
          • Login with Email Passcode
          • Login with Phone Passcode
          • Login with LDAP Account
          • Login with AD Account
          • Login with User Credentials
          • Login with Mobile Social Login
          • Get Alipay AuthInfo
          • Generate QR Code for Login
          • Check QR Code Status
          • Exchange TokenSet with QR Code Ticket
          • Custom APP QR Code Login: Change QR Code Status on APP Side

        • Logout

        • Register

        • User Profile

        • Account Binding

        • MFA Factor Management

        • User Related Resources

        • Message Service

        • WeChat Related APIs

        • Others

        • OIDC Module
        • OAuth Module
        • SAML Module
        • CAS Module
        • Events

      • Management Module

  • Error Codes
  1. Development Integration
  2. /
  3. SDK
  4. /
  5. Python
  6. /

  7. Authentication Module

  8. /

  9. Login

  10. /
  11. Login with AD Account

¶ Login with AD account and password

Update time: 2025-07-23 07:34:21
Edit

Login with AD account and password.

¶ Request parameters

NameType
Is it required
Default value
Description
Sample value
sAMAccountNamestrYes-sAMAccountName of the account in the AD user directorytest
passwordstrYes-User password, not encrypted by default. All GenAuth APIs use the HTTPS protocol to securely transmit passwords, which can ensure security to a certain extent. If you need a higher level of security, we also support RSA256 and the national secret SM2 password encryption method. For details, see the optional parameter options.passwordEncryptType.passw0rd
optionsSignInOptionsDtoNo-Optional parameters{"passwordEncryptType":"none"}

¶ Sample code

from authing import AuthenticationClient

# Initialize AuthenticationClient
authentication_client = AuthenticationClient(
    # GenAuth application ID
    app_id='GEN_AUTH_APP_ID',

    # GenAuth application secret
    app_secret='GEN_AUTH_APP_SECRET',

    # GenAuth application address, such as https://example.genauth.ai
    app_host='GEN_AUTH_APP_HOST',

    # GenAuth application login callback address
    redirect_uri='GEN_AUTH_APP_REDIRECT_URI',
)

sign_in_resp = authentication_client.sign_in_by_ad(
    sAMAccountName="test",
    password="passw0rd",
)
print(sign_in_resp)

¶ Request response

Type: LoginTokenRespDto

NameTypeDescription
statusCodenumberBusiness status code, which can be used to determine whether the operation is successful. 200 means success.
messagestringDescription
apiCodenumberSegmented error code, which can be used to get the specific error type.
requestIdstringRequest ID. It will be returned when the request fails.
dataLoginTokenResponseDataDtoResponse data

Sample result:

{
  "statusCode": 200,
  "message": "Operation successful",
  "requestId": "934108e5-9fbf-4d24-8da1-c330328abd6c",
  "data": {
    "token": "openid profile",
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3gwdmJpNmlfS2MifQ.eyJqdGkiOiJ4R01uczd5cmNFckxiakNRVW9US1MiLCJzdWIiOiI1YzlmNzVjN2NjZjg3YjA1YTkyMWU5YjAiLCJpc3MiOiJodHRwczovL2F1dGhpbmcuY24iLCJpYXQiOjE1NTQ1Mzc4NjksImV4cCI6MTU1NDU0MTQ2OSwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBvZmZsaW5lX2FjY2VzcyBwaG9uZSBlbWFpbCIsImF1ZCI6IjVjYTc2NWUzOTMxOTRkNTg5MWRiMTkyNyJ9.wX05OAgYuXeYM7zCxhrkvTO_taqxrCTG_L2ImDmQjMml6E3GXjYA9EFK0NfWquUI2mdSMAqohX-ndffN0fa5cChdcMJEm3XS9tt6-_zzhoOojK-q9MHF7huZg4O1587xhSofxs-KS7BeYxEHKn_10tAkjEIo9QtYUE7zD7JXwGUsvfMMjOqEVW6KuY3ZOmIq_ncKlB4jvbdrduxy1pbky_kvzHWlE9El_N5qveQXyuvNZVMSIEpw8_y5iSxPxKfrVwGY7hBaF40Oph-d2PO7AzKvxEVMamzLvMGBMaRAP_WttBPAUSqTU5uMXwMafryhGdIcQVsDPcGNgMX6E1jzLA",
    "id_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3gwdmJpNmlfS2MifQ.eyJzdWIiOiI1YzlmNzVjN2NjZjg3YjA1YTkyMWU5YjAiLCJub25jZSI6IjIyMTIxIiwiYXRfaGFzaCI6Ik5kbW9iZVBZOEFFaWQ2T216MzIyOXciLCJzaWQiOiI1ODM2NzllNC1lYWM5LTRjNDEtOGQxMS1jZWFkMmE5OWQzZWIiLCJhdWQiOiI1Y2E3NjVlMzkzMTk0ZDU4OTFkYjE5MjciLCJleHAiOjE1NTQ1NDE0NjksImlhdCI6MTU1NDUzNzg2OSwiaXNzIjoiaHR0cHM6Ly9hdXRoaW5nLmNuIn0.IQi5FRHO756e_eAmdAs3OnFMU7QuP-XtrbwCZC1gJntevYJTltEg1CLkG7eVhdi_g5MJV1c0pNZ_xHmwS0R-E4lAXcc1QveYKptnMroKpBWs5mXwoOiqbrjKEmLMaPgRzCOdLiSdoZuQNw_z-gVhFiMNxI055TyFJdXTNtExt1O3KmwqanPNUi6XyW43bUl29v_kAvKgiOB28f3I0fB4EsiZjxp1uxHQBaDeBMSPaRVWQJcIjAJ9JLgkaDt1j7HZ2a1daWZ4HPzifDuDfi6_Ob1ZL40tWEC7xdxHlCEWJ4pUIsDjvScdQsez9aV_xMwumw3X4tgUIxFOCNVEvr73Fg",
    "refresh_token": "WPsGJbvpBjqXz6IJIr1UHKyrdVF",
    "token_type": "xxx",
    "expire_in": 7200
  }
}

¶ Data structure

¶ SignInOptionsDto

NameType
Is it required
Description
Sample value
scopestringNoThe permissions that need to be requested must include openid. If you need to obtain the mobile phone number and email, you need to include phone email; if you need refresh_token, you need to include offline_access. Please separate multiple scopes with spaces. The decoded content of id_token will contain the user information related fields corresponding to these scopes.
- openid: Must be included.
- profile: Returns birthdate, family_name, gender, given_name, locale, middle_name, name, nickname, picture, preferred_username, profile, updated_at, website, zoneinfo fields.
- username: Returns username.
- email: Returns email, email_verified.
- phone: Returns phone_number, phone_number_verified.
- offline_access: If this parameter exists, the token interface will return the refresh_token field.
- roles: Returns the user's role list.
- external_id: The user ID of the original system.
- extended_fields: Returns the user's extended field information, the content is an object, the key is the extended field name, and the value is the extended field value.
- tenant_id: Returns the user's tenant ID.
openid profile
clientIpstringNoThe real IP address of the client. By default, GenAuth will identify the IP address of the request source as the IP address of the user logging in. If you call this interface in the backend server, you need to set this IP to the user's real request IP.192.168.0.1
contextstringNoAdditional request context will be passed to the context object of the Pipeline (opens new window) before and after authentication. Learn how to get the additional context passed in the context parameter of Pipeline (opens new window).{"source":"utm"}
tenantIdstringNoTenant ID625783d629f2bd1f5ddddd98c
customDataobjectNoTo set additional user defined data, you need to first configure custom data (opens new window) in the GenAuth console.{"school":"pku","age":"20"}
autoRegisterbooleanNoWhether to enable automatic registration. If set to true, when the user does not exist, an account will be automatically created for him.
captchaCodestringNoCaptcha is a case-insensitive verification code. When the security policy is set to verification code and the limit on failed logins is triggered, you will need to enter the verification code next time you log in.a8nz
passwordEncryptTypestringNoPassword encryption type, supports sm2 and rsa. No encryption is required by default.
- none: Do not encrypt the password and transmit it in plain text.
- rsa: Use the RSA256 algorithm to encrypt the password. You need to use the RSA public key of the GenAuth service for encryption. Please read the Introduction section to learn how to obtain the RSA256 public key of the GenAuth service.
- sm2: Use the National Secret SM2 Algorithm (opens new window) to encrypt the password. You need to use the SM2 public key of the GenAuth service for encryption. Please read the Introduction section to learn how to obtain the SM2 public key of the GenAuth service.
sm2

¶ LoginTokenResponseDataDto

NameType
Is it required?
Description
Sample value
scopestringNoScope corresponding to access_tokenopenid profile
access_tokenstringNoAPI call credentials, authorized to access resources API within a limited timeeyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3 gwdmJpNmlfS2MifQ.eyJqdGkiOiJ4R01uczd5cmNFckxiakNRVW9US1MiLCJzdWIiOiI1YzlmNzVjN2NjZjg3YjA1YTk yMWU5YjAiLCJpc3MiOiJodHRwczovL2F1dGhpbmcuY24iLCJpYXQiOjE1NTQ1Mzc4NjksImV4cCI6MTU1NDU0MTQ2OS wic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBvZmZsaW5lX2FjY2VzcyBwaG9uZSBlbWFpbCIsImF1ZCI6IjVjYTc2NWUzOT MxOTRkNTg5MWRiMTkyNyJ9.wX05OAgYuXeYM7zCxhrkvTO_taqxrCTG_L2ImDmQjMml6E3GXjYA9EFK0NfWquUI2mdS MAqohX-ndffN0fa5cChdcMJEm3XS9tt6-_zzhoOojK-q9MHF7huZg4O1587xhSofxs-KS7BeYxEHKn_10tAkjEIo9QtY UE7zD7JXwGUsvfMMjOqEVW6KuY3ZOmIq_ncKlB4jvbdrduxy1pbky_kvzHWlE9El_N5qveQXyuvNZVMSIEpw8_y5iSxPxKfrVwGY7hBaF40Oph-d2PO7AzKvxEVMamzLvMGBMaRAP_WttBPAUSqTU5uMXwMafryhGdIcQVsDPcGNgMX6E1jzLA
id_tokenstringNoUser's identity credentials, which will contain user information after parsingeyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3gw dmJpNmlfS2MifQ.eyJzdWIiOiI1YzlmNzVjN2NjZjg3YjA1YTkyMWU5YjAiLCJub25jZSI6IjIyMTIxIiwiYXRfaGFzaCI 6Ik5kbW9iZVBZOEFFaWQ2T216MzIyOXciLCJzaWQiOiI1ODM2NzllNC1lYWM5LTRjNDEtOGQxMS1jZWFkMmE5OWQzZWIiL CJhdWQiOiI1Y2E3NjVlMzkzMTk0ZDU4OTFkYjE5MjciLCJleHAiOjE1NTQ1NDE0NjksImlhdCI6MTU1NDUzNzg2OSwiaXN zIjoiaHR0cHM6Ly9hdXRoaW5nLmNuIn0.IQi5FRHO756e_eAmdAs3OnFMU7QuP-XtrbwCZC1gJntevYJTltEg1CLkG7eVh di_g5MJV1c0pNZ_xHmwS0R-E4lAXcc1QveYKptnMroKpBWs5mXwoOiqbrjKEmLMaPgRzCOdLiSdoZuQNw_z-gVhFiMNxI0 55TyFJdXTNtExt1O3KmwqanPNUi6XyW43bUl29v_kAvKgiOB28f3I0fB4EsiZjxp1uxHQBaDeBMSPaRVWQJcIjAJ9JLgka Dt1j7HZ2a1daWZ4HPzifDuDfi6_Ob1ZL40tWEC7xdxHlCEWJ4pUIsDjvScdQsez9aV_xMwumw3X4tgUIxFOCNVEvr73Fg
refresh_tokenstringnorefresh_token is used to obtain a new AccessTokenWPsGJbvpBjqXz6IJIr1UHKyrdVF
token_typestringyestoken typexxx
expire_innumberyesexpiration time in seconds7200
Previous article: Login with LDAP Account Next article: Login with User Credentials
  • Request parameters
  • Sample code
  • Request response
  • Data structure

User identity management

Integrated third-party login
Customized authentication process

Enterprise internal management

Single sign-on
Multi-factor authentication
Permission management

Developer

Development Documentation
GitHub (opens new window)

Company

official@genauth.ai
16th Floor, Building B, Beichen Century Center, Chaoyang District, Beijing (Total)
Room 406, 4th Floor, Block B, No. 200, Tianfu Fifth Street, High-tech Zone, Chengdu (Branch)

© Beijing Steamory Technology Co., Ltd.