# [OAuth 2.0] JWT auth by username and password

Authenticates the user by the username/email and password and returns a JWT. Exchanging the code to a JWT via the Generate JWT call is not needed.

Endpoint: POST /oauth2/login/token
Version: v1

## Query parameters:

  - `client_id` (integer, required)
    Your application ID. Get it after creating an OAuth 2.0 client.

  - `scope` (string)
    Scope is a mechanism in OAuth 2.0 to limit an application’s access to a user’s account.

Can be:
* email for Auth via social network or Get link for social auth calls to request an email from the user additionally.
* offline to use refresh_token from Generate JWT call to refresh the JWT when it is expired.
* playfab to write SessionTicket to the session_ticket claim of the JWT if you store user data at PlayFab.

If you process your own values of the scope parameter, that are not mentioned above, you can set them when using this call. The Xsolla Login server does not process these values, but returns them in the received JWT.

## Request fields (application/json):

  - `password` (string, required)
    User password.
    Example: "password123"

  - `username` (string, required)
    Username or email address.
    Example: "John"

## Response 200 fields (application/json):

  - `access_token` (string, required)
    User JWT.

  - `expire_in` (integer)
    JWT expiration period in seconds. Default value is 3600 seconds.

  - `refresh_token` (string)
    Refresh token for updating the access_token.

  - `token_type` (string, required)
    JWT type with bearer value.

## Response 400 fields (application/json):

  - `error` (object, required)

  - `error.code` (string, required)
    Error code.
    Example: "003-061"

  - `error.description` (string, required)
    Error description.
    Example: "Object not found."

  - `error.details` (object)
    Additional information.

## Response 401 fields (application/json):

  - `error` (object, required)

  - `error.code` (string, required)
    Error code.
    Example: "003-061"

  - `error.description` (string, required)
    Error description.
    Example: "Object not found."

  - `error.details` (object)
    Additional information.

## Response 404 fields (application/json):

  - `error` (object, required)

  - `error.code` (string, required)
    Error code.
    Example: "003-061"

  - `error.description` (string, required)
    Error description.
    Example: "Object not found."

  - `error.details` (object)
    Additional information.

## Response 422 fields (application/json):

  - `error` (object, required)

  - `error.code` (string, required)
    Error code.
    Example: "003-061"

  - `error.description` (string, required)
    Error description.
    Example: "Object not found."

  - `error.details` (object)
    Additional information.

## Response 429 fields (application/json):

  - `error` (object, required)

  - `error.code` (string, required)
    Error code.
    Example: "003-061"

  - `error.description` (string, required)
    Error description.
    Example: "Object not found."

  - `error.details` (object)
    Additional information.