Authenticates a user with email and password and returns session tokens.

POST /login

Validates credentials using ASP.NET Core Identity. On success, finalizes login, issues JWT access and refresh tokens, and (for browser clients) sets the access token in an HttpOnly cookie named token (1-day expiry, Secure, SameSite=Strict).

Errors: Returns 400 Bad Request for invalid model state or bad credentials.

Authenticates a user with email and password and returns session tokens.

/login

Request​

Responses​

Request

Responses