Submit a Login Flow
POST /self-service/login
Use this endpoint to complete a login flow. This endpoint behaves differently for API and browser flows.
API flows expect application/json to be sent in the body and respond with HTTP 200 and an application/json body with the session
token on success; HTTP 410 if the original flow expired, with the appropriate error messages set and optionally a use_flow_id
parameter in the body; HTTP 400 on form validation errors.
Browser flows expect a Content-Type of application/x-www-form-urlencoded or application/json to be sent in the body and
respond with an HTTP 303 redirect to the post/after login URL or the return_to value if it was set and if the login succeeded; an
HTTP 303 redirect to the login UI URL with the flow ID containing the validation errors otherwise.
Browser flows with an Accept header of application/json will not redirect but instead respond with HTTP 200 and an
application/json body with the signed-in identity and a Set-Cookie header on success; HTTP 303 redirect to a fresh login flow if
the original flow expired, with the appropriate error messages set; HTTP 400 on form validation errors.
If this endpoint is called with Accept: application/json in the header, the response contains the flow without a redirect. In
the case of an error, the error.id of the JSON response body can be one of:
- session_already_available: The user is already signed in.
- security_csrf_violation: Unable to fetch the flow because a CSRF violation occurred.
- security_identity_mismatch: The requested ?return_to address is not allowed to be used. Adjust this in the configuration!
- browser_location_change_required: Usually sent when an AJAX request indicates that the browser needs to open a specific URL. Most likely used in Social Sign In flows.
More information can be found at Ory Kratos User Login and User Registration Documentation.
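The status codes and error.id values above, as a client-side decision function for requests sent with Accept: application/json. This is an added example, not code from the Ory documentation or SDK; it also checks a server-suggested URL against an origin allow-list before navigating. The function names, the allow-list origin and the field names session_token, redirect_browser_to, ui.messages and ui.nodes are assumptions made for illustration.

```javascript
// Added example. Constructed values: the origin allow-list and every sample body.
// Assumed field names: session_token, redirect_browser_to, ui.messages, ui.nodes.
const ALLOWED_REDIRECT_ORIGINS = new Set(["https://app.example.com"]); // hypothetical

// Follow a server-suggested location only if it is HTTPS on a trusted origin.
function safeRedirect(target) {
  try {
    const u = new URL(target);
    return u.protocol === "https:" && ALLOWED_REDIRECT_ORIGINS.has(u.origin) ? u.href : null;
  } catch {
    return null; // missing or unparsable URL
  }
}

// Validation messages can sit on the flow itself and on individual form nodes.
function collectMessages(flow) {
  const ui = (flow && flow.ui) || {};
  const nodes = Array.isArray(ui.nodes) ? ui.nodes : [];
  return [...(ui.messages || []), ...nodes.flatMap((n) => n.messages || [])].map((m) => m.text);
}

// Map one response (Accept: application/json) to the next step the client takes.
function interpretLoginResponse(status, body) {
  body = body || {};
  const errorId = body.error && body.error.id;
  if (errorId === "session_already_available") return { action: "already_signed_in" };
  if (errorId === "browser_location_change_required") {
    const url = safeRedirect(body.redirect_browser_to);
    return url ? { action: "navigate", url } : { action: "fail", reason: "untrusted_redirect" };
  }
  if (errorId === "security_csrf_violation" || errorId === "security_identity_mismatch") {
    return { action: "fail", reason: errorId }; // surface it; do not resubmit credentials
  }
  switch (status) {
    case 200:
      return { action: "signed_in", sessionToken: body.session_token || null };
    case 400:
      return { action: "show_form", messages: collectMessages(body) };
    case 303:
    case 410: // expired flow: start again, reusing the replacement flow ID if one is given
      return { action: "restart_flow", flowId: body.use_flow_id || null };
    default:
      return { action: "fail", reason: `http_${status}` };
  }
}
```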
Request
Responses
- 200: successfulNativeLogin
- 303: Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is typically 201.
- 400: loginFlow
- 410: errorGeneric
- 422: errorBrowserLocationChangeRequired
- default: errorGeneric