Login

Rocket.Chat supports various methods of authentication. The list of supported auth services (and their configurations) are in the meteor_accounts_loginServiceConfiguration collection.

Using username and password

To ensure the security of the user's account, it is important not to submit the user's password as plain text. Instead, apply a hashing algorithm (for example - sha-256).

The digest must be lowercase.

Payload Parameters

Argument Example Required Description

Argument	Example	Required
`user`	`{ "username": "him" }`
	Required	The user object containing either the username or email.
`password`	Required	The password object containing the hashed password and the hash algorithm

user

{ "username": "him" }

Required

The user object containing either the username or email.

password

Required

The password object containing the hashed password and the hash algorithm

Example Payload

       {
            "digest": "52c53f4abbfe42e1ccd4fd9d864453ee57f8efbd4c9ecec6d88bd83d7f7a9c02",
            "algorithm":"sha-256"
     }

Example Call

{
    "msg": "method",
    "method": "login",
    "id":"42",
    "params":[
        {
            "user": { "username": "him" },
            "password": {
                "digest": "52c53f4abbfe42e1ccd4fd9d864453ee57f8efbd4c9ecec6d88bd83d7f7a9c02",
                "algorithm":"sha-256"
            }
        }
    ]
}

Example Response

Success

{
    "msg": "result",
    "id": "42",
    "result": {
        "id": "3Dw26TXWxvi8gwfgM",
        "token": "72kB2z5SpnWG-vOSKaAXku74PV851pVOVAoC67FpFEI",
        "tokenExpires": {
            "$date": 1696417505309
        },
        "type": "password"
    }
}

Error

{
    "msg": "result",
    "id": "42",
    "error": {
        "error": 403,
        "reason": "Incorrect password",
        "message": "Incorrect password [403]",
        "errorType": "Meteor.Error"
    }
}

Using an authentication token

You can use a previous user authentication token or a Personal Access Token to log in a user.

Payload Parameters

Argument Example Required Description

Argument	Example	Required	Description
`resume`	`5BwhTeEXiTmU_8uKxGuy4pqWRHRP73QpJYmoSWfBpc`	Required	A personal access token or previous authToken of the user.

resume

5BwhTeEXiTmU_8uKxGuy4pqWRHRP73QpJYmoSWfBpc

Required

A personal access token or previous authToken of the user.

Example Call

{
    "msg": "method",
    "method": "login",
    "id": "42",
    "params":[
        { "resume": "auth-token" }
    ]
}

Example Response

This success response format remains the same irrespective of the login method used.

{
    "msg": "result",
    "id": "42",
    "result": {
        "id": "LFdhbcNHx5zsMA7T4",
        "token": "5BwhTeEXiTmU_8uKxGuy4pqWRHRP73QpJYmoSWfBpcB",
        "tokenExpires": {
            "$date": 1696418806422
        },
        "type": "resume"
    }
}

If the auth-token is expired, send another login request to get a new authToken with a new expiration date.

Using Authentication providers

OAuth is used to support additional auth providers.

Example Call

{
    "msg": "method",
    "method": "login",
    "id":"42",
    "params": [
        {
            "oauth": {
                "credentialToken":"credential-token",
                "credentialSecret":"credential-secret"
            }
        }
    ]
}

Last updated 8 months ago