GenAuth DocsDocuments
Concepts
User Guide
Development Integration
AgentAuth
Metadata
Development Integration
Multi-tenant (beta)
Console Documentation
Multi-tenant Console
Tenant Console
Saas Application Demo
Concepts
User Guide
Development Integration
AgentAuth
Metadata
Development Integration
Multi-tenant (beta)
Console Documentation
Multi-tenant Console
Tenant Console
Saas Application Demo
Old version
Development Integration

  • API

  • SDK

    • Java

    • Node.js

    • Python

      • Installation and Usage

      • Authentication Module

        • Login

          • Login with Account Password
          • Login with Username Password
          • Login with Phone Password
          • Login with Email Password
          • Login with Email Passcode
          • Login with Phone Passcode
          • Login with LDAP Account
          • Login with AD Account
          • Login with User Credentials
          • Login with Mobile Social Login
          • Get Alipay AuthInfo
          • Generate QR Code for Login
          • Check QR Code Status
          • Exchange TokenSet with QR Code Ticket
          • Custom APP QR Code Login: Change QR Code Status on APP Side

        • Logout

        • Register

        • User Profile

        • Account Binding

        • MFA Factor Management

        • User Related Resources

        • Message Service

        • WeChat Related APIs

        • Others

        • OIDC Module
        • OAuth Module
        • SAML Module
        • CAS Module
        • Events

      • Management Module

  • Error Codes
  1. Development Integration
  2. /
  3. SDK
  4. /
  5. Python
  6. /

  7. Authentication Module

  8. /

  9. Login

  10. /
  11. Login with Email Passcode

¶ Use email + verification code to log in

Update time: 2025-07-23 07:34:21
Edit

Use email + verification code to log in.

¶ Request parameters

NameType
Required
Default value
Description
Sample value
emailstrYes-Emailtest@example.com
pass_codestrYes-Email verification code1234
optionsSignInOptionsDtoNo-Optional parameters{"passwordEncryptType":"none"}

¶ Sample code

from authing import AuthenticationClient

# Initialize AuthenticationClient
authentication_client = AuthenticationClient(
    # GenAuth application ID
    app_id='GEN_AUTH_APP_ID',

    # GenAuth application secret
    app_secret='GEN_AUTH_APP_SECRET',

    # GenAuth application address, such as https://example.genauth.ai
    app_host='GEN_AUTH_APP_HOST',

    # GenAuth application login callback address, such as https://example.genauth.ai
    redirect_uri='GEN_AUTH_APP_REDIRECT_URI',
)

sign_in_resp = authentication_client.sign_in_by_email_passcode(
    email="test@example.com",
    pass_code="1234",
)
print(sign_in_resp)

¶ Request response

Type: LoginTokenRespDto

NameTypeDescription
statusCodenumberBusiness status code, which can be used to determine whether the operation is successful. 200 means success.
messagestringDescription
apiCodenumberSegmented error code, which can be used to get the specific error type.
requestIdstringRequest ID. It will be returned when the request fails.
dataLoginTokenResponseDataDtoResponse data

Sample result:

{
  "statusCode": 200,
  "message": "Operation successful",
  "requestId": "934108e5-9fbf-4d24-8da1-c330328abd6c",
  "data": {
    "token": "openid profile",
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3gwdmJpNmlfS2MifQ.eyJqdGkiOiJ4R01uczd5cmNFckxiakNRVW9US1MiLCJzdWIiOiI1YzlmNzVjN2NjZjg3YjA1YTkyMWU5YjAiLCJpc3MiOiJodHRwczovL2F1dGhpbmcuY24iLCJpYXQiOjE1NTQ1Mzc4NjksImV4cCI6MTU1NDU0MTQ2OSwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBvZmZsaW5lX2FjY2VzcyBwaG9uZSBlbWFpbCIsImF1ZCI6IjVjYTc2NWUzOTMxOTRkNTg5MWRiMTkyNyJ9.wX05OAgYuXeYM7zCxhrkvTO_taqxrCTG_L2ImDmQjMml6E3GXjYA9EFK0NfWquUI2mdSMAqohX-ndffN0fa5cChdcMJEm3XS9tt6-_zzhoOojK-q9MHF7huZg4O1587xhSofxs-KS7BeYxEHKn_10tAkjEIo9QtYUE7zD7JXwGUsvfMMjOqEVW6KuY3ZOmIq_ncKlB4jvbdrduxy1pbky_kvzHWlE9El_N5qveQXyuvNZVMSIEpw8_y5iSxPxKfrVwGY7hBaF40Oph-d2PO7AzKvxEVMamzLvMGBMaRAP_WttBPAUSqTU5uMXwMafryhGdIcQVsDPcGNgMX6E1jzLA",
    "id_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3gwdmJpNmlfS2MifQ.eyJzdWIiOiI1YzlmNzVjN2NjZjg3YjA1YTkyMWU5YjAiLCJub25jZSI6IjIyMTIxIiwiYXRfaGFzaCI6Ik5kbW9iZVBZOEFFaWQ2T216MzIyOXciLCJzaWQiOiI1ODM2NzllNC1lYWM5LTRjNDEtOGQxMS1jZWFkMmE5OWQzZWIiLCJhdWQiOiI1Y2E3NjVlMzkzMTk0ZDU4OTFkYjE5MjciLCJleHAiOjE1NTQ1NDE0NjksImlhdCI6MTU1NDUzNzg2OSwiaXNzIjoiaHR0cHM6Ly9hdXRoaW5nLmNuIn0.IQi5FRHO756e_eAmdAs3OnFMU7QuP-XtrbwCZC1gJntevYJTltEg1CLkG7eVhdi_g5MJV1c0pNZ_xHmwS0R-E4lAXcc1QveYKptnMroKpBWs5mXwoOiqbrjKEmLMaPgRzCOdLiSdoZuQNw_z-gVhFiMNxI055TyFJdXTNtExt1O3KmwqanPNUi6XyW43bUl29v_kAvKgiOB28f3I0fB4EsiZjxp1uxHQBaDeBMSPaRVWQJcIjAJ9JLgkaDt1j7HZ2a1daWZ4HPzifDuDfi6_Ob1ZL40tWEC7xdxHlCEWJ4pUIsDjvScdQsez9aV_xMwumw3X4tgUIxFOCNVEvr73Fg",
    "refresh_token": "WPsGJbvpBjqXz6IJIr1UHKyrdVF",
    "token_type": "xxx",
    "expire_in": 7200
  }
}

¶ Data structure

¶ SignInOptionsDto

NameType
Required
Description
Sample value
scopestringnoThe permissions that need to be requested, must include openid. If you need to obtain the mobile phone number and email, you need to include phone email; if you need refresh_token, you need to include offline_access. Please separate multiple scopes with spaces. The decoded content of id_token will contain the user information related fields corresponding to these scopes.
- openid: Must be included.
- profile: Returns birthdate, family_name, gender, given_name, locale, middle_name, name, nickname, picture, preferred_username, profile, updated_at, website, zoneinfo fields.
- username: Returns username.
- email: Returns email, email_verified.
- phone: Returns phone_number, phone_number_verified.
- offline_access: If this parameter exists, the token interface will return the refresh_token field.
- roles: Returns the user's role list.
- external_id: User ID of the original system.
- extended_fields: Returns the extended field information of the user, the content is an object, the key is the extended field name, the value is the extended field value.
- tenant_id: Returns the tenant ID of the user.
openid profile
clientIpstringNoThe real IP address of the client. By default, GenAuth will identify the IP address of the request source as the IP address of the user's login. If you call this interface in the backend server, you need to set this IP to the user's real request IP.192.168.0.1
contextstringNoAdditional request context, which will be passed to the context object of Pipeline (opens new window) before and after authentication. Learn how to get additional context passed in the context parameter of Pipeline.​​{"source":"utm"}
tenantIdstringNoTenant ID625783d629f2bd1f5ddddd98c
customDataobjectNoTo set additional user custom data, you need to first configure custom data (opens new window) in the GenAuth console.{"school":"pku","age":"20"}
autoRegisterbooleanNoWhether to enable auto-registration. If set to true, an account will be automatically created for the user if it does not exist.
captchaCodestringNoCaptcha graphic verification code, case insensitive. When the security policy is set to verification code and the limit of failed logins is triggered, you need to fill in the graphic verification code for the next login.a8nz
passwordEncryptTypestringNoPassword encryption type, supports sm2 and rsa. No encryption is required by default.
- none: Do not encrypt the password and transmit it in plain text.
- rsa: Encrypt the password using the RSA256 algorithm. The RSA public key of the GenAuth service is required for encryption. Please read the Introduction section to learn how to obtain the RSA256 public key of the GenAuth service.
- sm2: Use National Encryption SM2 Algorithm (opens new window) to encrypt the password. You need to use the SM2 public key of the GenAuth service for encryption. Please read the Introduction section to learn how to obtain the SM2 public key of the GenAuth service.
sm2

¶ LoginTokenResponseDataDto

NameType
Is it required?
Description
Sample value
scopestringNoScope corresponding to access_tokenopenid profile
access_tokenstringNoAPI call credentials, authorized to access resources API within a limited timeeyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3 gwdmJpNmlfS2MifQ.eyJqdGkiOiJ4R01uczd5cmNFckxiakNRVW9US1MiLCJzdWIiOiI1YzlmNzVjN2NjZjg3YjA1YTk yMWU5YjAiLCJpc3MiOiJodHRwczovL2F1dGhpbmcuY24iLCJpYXQiOjE1NTQ1Mzc4NjksImV4cCI6MTU1NDU0MTQ2OS wic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBvZmZsaW5lX2FjY2VzcyBwaG9uZSBlbWFpbCIsImF1ZCI6IjVjYTc2NWUzOT MxOTRkNTg5MWRiMTkyNyJ9.wX05OAgYuXeYM7zCxhrkvTO_taqxrCTG_L2ImDmQjMml6E3GXjYA9EFK0NfWquUI2mdS MAqohX-ndffN0fa5cChdcMJEm3XS9tt6-_zzhoOojK-q9MHF7huZg4O1587xhSofxs-KS7BeYxEHKn_10tAkjEIo9QtY UE7zD7JXwGUsvfMMjOqEVW6KuY3ZOmIq_ncKlB4jvbdrduxy1pbky_kvzHWlE9El_N5qveQXyuvNZVMSIEpw8_y5iSxPxKfrVwGY7hBaF40Oph-d2PO7AzKvxEVMamzLvMGBMaRAP_WttBPAUSqTU5uMXwMafryhGdIcQVsDPcGNgMX6E1jzLA
id_tokenstringNoUser's identity credentials, which will contain user information after parsingeyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3gw dmJpNmlfS2MifQ.eyJzdWIiOiI1YzlmNzVjN2NjZjg3YjA1YTkyMWU5YjAiLCJub25jZSI6IjIyMTIxIiwiYXRfaGFzaCI 6Ik5kbW9iZVBZOEFFaWQ2T216MzIyOXciLCJzaWQiOiI1ODM2NzllNC1lYWM5LTRjNDEtOGQxMS1jZWFkMmE5OWQzZWIiL CJhdWQiOiI1Y2E3NjVlMzkzMTk0ZDU4OTFkYjE5MjciLCJleHAiOjE1NTQ1NDE0NjksImlhdCI6MTU1NDUzNzg2OSwiaXN zIjoiaHR0cHM6Ly9hdXRoaW5nLmNuIn0.IQi5FRHO756e_eAmdAs3OnFMU7QuP-XtrbwCZC1gJntevYJTltEg1CLkG7eVh di_g5MJV1c0pNZ_xHmwS0R-E4lAXcc1QveYKptnMroKpBWs5mXwoOiqbrjKEmLMaPgRzCOdLiSdoZuQNw_z-gVhFiMNxI0 55TyFJdXTNtExt1O3KmwqanPNUi6XyW43bUl29v_kAvKgiOB28f3I0fB4EsiZjxp1uxHQBaDeBMSPaRVWQJcIjAJ9JLgka Dt1j7HZ2a1daWZ4HPzifDuDfi6_Ob1ZL40tWEC7xdxHlCEWJ4pUIsDjvScdQsez9aV_xMwumw3X4tgUIxFOCNVEvr73Fg
refresh_tokenstringnorefresh_token is used to obtain a new AccessTokenWPsGJbvpBjqXz6IJIr1UHKyrdVF
token_typestringyestoken typexxx
expire_innumberyesexpiration time in seconds7200
Previous article: Login with Email Password Next article: Login with Phone Passcode
  • Request parameters
  • Sample code
  • Request response
  • Data structure

User identity management

Integrated third-party login
Customized authentication process

Enterprise internal management

Single sign-on
Multi-factor authentication
Permission management

Developer

Development Documentation
GitHub (opens new window)

Company

official@genauth.ai
16th Floor, Building B, Beichen Century Center, Chaoyang District, Beijing (Total)
Room 406, 4th Floor, Block B, No. 200, Tianfu Fifth Street, High-tech Zone, Chengdu (Branch)

© Beijing Steamory Technology Co., Ltd.