# Password Authentication

Endpoint for authentication using an email and password for a user already registered at Verifiable. In return you will receive an access token that can be used in the following API calls.

Note: The account may require a password change for successful authentication. If a password change is required and `newPassword` is not set, the server returns 409 Conflict. If `newPassword` is set but the current password is not correct, the server returns 403 Forbidden.

Note: If `newPassword` is set, it must be different from the current password. If the password is the same, the server returns 400 Bad Request.

Note: When `newPassword` is set and the request returns 200 Ok, all the active access tokens will be invalidated.

Endpoint: POST /auth/token/password
Version: 26.2.0.4309

## Request fields (application/json):

- `email` (string, required)
  The email address of a previously registered user.
  Example: "john.doe@mail.com"

- `password` (string, required)
  The password associated with the email address.
  Example: "secret"

- `newPassword` (string)
  If set, the password associated with the email address will be changed to this new password.
  Example: "even-more-secret"

- `timeToLive` (string)
  If set, the created token will expire after the duration specified by this parameter. Note that the token will still expire after 4 weeks of no use, regardless of the time to live. Additionally, there might be a limit set for your organization. If the requested time-to-live exceeds this limit, the token will be capped to that limit.
  Example: "00:30:00"

## Response 200 fields (application/json):

- `tokenId` (string)
  Unique identifier for this token. This can be used to invalidate a token.
  Example: "0847312d-19fe-49d2-9e21-5825735b511a"

- `token` (string)
  The access token to be used in following API calls.
  Example: "MtetyFcIW...xgXXX-Z4yy"

- `email` (string)
  The e-mail address of the user. It will either be the same e-mail address used for password authentication or the e-mail address of the Google account in the case of Google authentication.

- `role` (object)

- `role.id` (string)

- `role.name` (string)
  Enum: "Admin", "LimitedAdmin", "Credentialing", "LimitedCredentialing", "Reader", "LimitedReader"

- `role.permissions` (object,null)

- `expiresAt` (string)
  Expiration time of the access token.

- `persistenceHint` (string)
  Enum: "Persistent", "Ephemeral"

## Response 400 fields

## Response 401 fields

## Response 403 fields

## Response 409 fields

## Response 500 fields
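
## Example: handling the documented status codes

The status-code rules from the notes on this page, as an added client-side sketch that is not Verifiable's own code. `BASE_URL` is a placeholder because the page does not give a host, and `authenticate`, `http_post`, `AuthError`, `REASONS` and the `token_cache` dict are hypothetical names introduced for illustration.

```python
import json
import urllib.error
import urllib.request

BASE_URL = "https://api.example.invalid"  # placeholder: the page does not name the host

# Meanings taken from the notes on this page; other statuses are not described there.
REASONS = {
    400: "bad request (newPassword equal to the current password is one cause)",
    403: "forbidden (with newPassword set: the current password is not correct)",
    409: "password change required: retry with newPassword set",
}


class AuthError(Exception):
    def __init__(self, status, reason):
        super().__init__(f"HTTP {status}: {reason}")
        self.status = status


def http_post(path, body):
    """Default transport (assumed): POST JSON, return (status, parsed body or None)."""
    req = urllib.request.Request(
        BASE_URL + path, data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, None


def authenticate(email, password, new_password=None, time_to_live=None,
                 token_cache=None, post=http_post):
    """Return the 200 response dict, or raise AuthError. Never logs credentials."""
    if new_password is not None and new_password == password:
        # Local pre-check: the server would answer 400, so skip the round trip.
        raise AuthError(400, REASONS[400])
    body = {"email": email, "password": password}
    if new_password is not None:
        body["newPassword"] = new_password
    if time_to_live is not None:
        body["timeToLive"] = time_to_live  # may be capped; trust expiresAt instead
    status, data = post("/auth/token/password", body)
    if status != 200:
        raise AuthError(status, REASONS.get(status, "not described on this page"))
    if new_password is not None and token_cache is not None:
        token_cache.clear()  # every previously active token is now invalid
    return data
```

A caller that catches `AuthError` with `status == 409` should prompt for a new password and call `authenticate` again with `new_password` set, rather than retrying the same request.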