Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/Arvo-AI/aurora/llms.txt

Use this file to discover all available pages before exploring further.

Endpoint

POST /api/auth/login
Authenticates a user with their email and password credentials. Returns user information on successful authentication.

Request Body

email
string
required
User’s email address
password
string
required
User’s password (minimum 8 characters)

Response

id
integer
User’s unique database ID
email
string
User’s email address
name
string
User’s display name (may be null)

Example Request

cURL
curl -X POST http://localhost:5080/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "mySecurePassword123"
  }'
JavaScript
const response = await fetch('http://localhost:5080/api/auth/login', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    email: 'user@example.com',
    password: 'mySecurePassword123',
  }),
});

const data = await response.json();
console.log(data);
Python
import requests

response = requests.post(
    'http://localhost:5080/api/auth/login',
    json={
        'email': 'user@example.com',
        'password': 'mySecurePassword123'
    }
)

data = response.json()
print(data)

Example Response

{
  "id": 12345,
  "email": "user@example.com",
  "name": "John Doe"
}

Security Notes

Timing Attack Prevention

The login endpoint implements protection against timing attacks:
  1. Password verification always runs, even if the user doesn’t exist
  2. A dummy bcrypt hash is used when the user is not found
  3. This ensures consistent response times regardless of whether the user exists

Password Verification

  • Passwords are verified using bcrypt’s secure comparison
  • Original password is never stored or logged
  • Only the bcrypt hash is stored in the database

Error Handling

Status CodeDescription
200Authentication successful
400Invalid request body or missing required fields
401Invalid email or password
500Internal server error

Frontend Integration

The frontend uses Auth.js (NextAuth.js) for authentication: 
import { signIn } from "next-auth/react"

const result = await signIn("credentials", {
  email,
  password,
  redirect: false,
})

if (result?.error) {
  // Handle authentication error
  console.error("Login failed:", result.error)
} else if (result?.ok) {
  // Authentication successful
  // Auth.js automatically manages the session
  router.push("/dashboard")
}

Register

Create a new user account

Change Password

Update user password

Build docs developers (and LLMs) love

Get started for freeTalk to us