API login with email and password

Is there a way to login a user with their email and password and receive a token back using the authentication api. I am making the api call from a mobile client app. Thanks in advance.

if you’re making an api call from a mobile web app I would suggest using the Implicit Grant and you’ll get an access token back. Here are some helpful documentation on the Implicit Grant: Implicit Flow with Form Post, https://auth0.com/docs/api-auth/grant/implicit.

There is also the Authorization Code (PKCE) for native apps. More documentation for the Authorization Code Gran: Call Your API Using the Authorization Code Flow with PKCE

Thank you for your response. I have looked at those examples and I am still confused. It seems to me that there should be a way to put the email and password into the body of a request and call an endpoint to get a token. I do not see any of those examples using the users email and password. Is there anyway that you can show me an example on how to perform this action? Thanks.


:wave: @victor.altadonna I wanted to follow up and see if you were able to implement your solution or if we could still provide you with some assistance?

he documentation you linked to shows how you can provide a completely different experience for users that are invited versus users that are just resetting their passwords.

In theory, if you are okay with using the same reset password page then you can consider creating the user with the email already set to verified, prevent any built-in emails from being sent, request a password change ticket to be generated through the Management API and send your custom invitation email with a link to the password change ticket. Given you will be creating the user with a random password the only way for them to access the account is to use the change password ticket delivered to their email which proves ownership of the email in question.

Is anybody going to answer the original question? Is there an API call that, given a client_id, client_secret, user_name and password, returns a token? I have the same need. Redirecting to the auth0 website, or even the domain I set up with Auth0, causes no end of grief to the design and functionality of the mobile version of the website, which is a PWA. I want to take over all aspects of the UI, and I don’t ever want the browser to navigate away from it. Is this possible? There used to be a real login method like this, but it is depreciated.


This answer to this post was how I figured out how to implement a custom ui with using auth0 authentication api.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.