auth.login_ex_continue¶
Continue in-progress authentication attempt. This endpoint should be called to continue an auth.login_ex attempt that returned OTP_REQUIRED.
This is a convenience wrapper around auth.login_ex for API consumers.
params: mechanism: the mechanism by which to continue authentication. Currently the only supported mechanism here is OTP_TOKEN.
OTP_TOKEN otp_token: one-time password token. This is only permitted if a previous auth.login_ex call responded with “OTP_REQUIRED”.
returns: JSON object containing the following keys:
response_type - will be one of the following: SUCCESS - continued auth was required
OTP_REQUIRED - otp token was rejected. API consumer may call this endpoint again with correct OTP token.
AUTH_ERR - invalid OTP token submitted too many times.
No Additional Items
Tuple Validation
Parameter 1: login_data
login_data
Type: objectOTP token data to continue two-factor authentication flow.
No Additional PropertiesMechanism
Type: constAuthentication mechanism identifier for one-time password tokens.
Must be one of:
- "OTP_TOKEN"
"OTP_TOKEN" Otp Token
Type: stringOne-time password token for authentication.
AuthCommonOptions
Type: object Default: {"user_info": true}Additional options for the authentication process.
No Additional PropertiesUser Info
Type: boolean Default: trueWhether to include detailed user information in the authentication response.
Result
Authentication response after continuing with OTP token.
AuthRespSuccess
Type: objectNo Additional Properties
Response Type
Type: constAuthentication response type indicating successful login.
Must be one of:
- "SUCCESS"
"SUCCESS" Authenticated user information or null if not available.
AuthUserInfo
Type: objectNo Additional Properties
Pw Name
Type: stringName of the user.
Pw Gecos
Type: stringFull username or comment field.
Pw Dir
Type: stringUser home directory.
Pw Shell
Type: stringUser command line interpreter.
Pw Uid
Type: integerNumerical user ID of the user.
Pw Gid
Type: integerNumerical group id for the user's primary group.
Grouplist
Optional array of group IDs for groups of which this account is a member. If get_groups is not specified, this value will be null.
No Additional Items
Each item of this array must be:
Sid
Optional SID value for the account that is present if sid_info is specified in payload.
Source
Type: enum (of string)The source for the user account.
Must be one of:
- "LOCAL"
- "ACTIVEDIRECTORY"
- "LDAP"
Local
Type: booleanThe account is local to TrueNAS or provided by a directory service.
Attributes
Type: objectCustom user attributes and metadata.
Two Factor Config
Type: objectTwo-factor authentication configuration for the user.
Privilege
Type: objectUser privilege and role information.
Account Attributes
Type: array of stringArray of account attribute names available for this user.
No Additional ItemsEach item of this array must be:
Authenticator
Type: enum (of string)Authentication level achieved (LEVEL1 for password, LEVEL2 for two-factor).
Must be one of:
- "LEVEL_1"
- "LEVEL_2"
AuthRespAuthErr
Type: objectNo Additional Properties
Response Type
Type: constAuthentication response type indicating authentication failure.
Must be one of:
- "AUTH_ERR"
"AUTH_ERR" AuthRespExpired
Type: objectNo Additional Properties
Response Type
Type: constAuthentication response type indicating the session or token has expired.
Must be one of:
- "EXPIRED"
"EXPIRED" AuthRespOTPRequired
Type: objectNo Additional Properties
Response Type
Type: constAuthentication response type indicating one-time password is required.
Must be one of:
- "OTP_REQUIRED"
"OTP_REQUIRED" Username
Type: stringUsername for which OTP is required.
AuthRespAuthRedirect
Type: objectNo Additional Properties
Response Type
Type: constAuthentication response type indicating redirect is required.
Must be one of:
- "REDIRECT"
"REDIRECT" Urls
Type: array of stringArray of URLs to redirect to for authentication completion.
No Additional ItemsEach item of this array must be:
Required roles: