Avnology ID

Create Login Flow

Initiate a new login flow that returns UI nodes for rendering a custom login form.

Endpoint

GET /v1/flows/login

Base URL: https://api-id.avnology.net

Authentication: None required (public endpoint)

Creates a new login flow and returns the initial UI with form fields for all enabled authentication methods (password, passkeys, social login, etc.). This is the first step in building a custom login experience.

How Auth Flows Work

Auth flows follow a three-step pattern:

  1. Create the flow (this endpoint) -- returns a flow object with UI nodes
  2. Render the form based on the UI nodes (your frontend code)
  3. Submit the form (POST to Submit Login) -- returns success, error, or MFA challenge

The flow object contains everything your UI needs: form fields, CSRF tokens, social login buttons, and validation messages.

Request

Query Parameters

| Parameter | Type | Required | Description |
|---|---|---|---|
| refresh | boolean | No | Force re-authentication even with an active session |
| return_to | string | No | URL to redirect after successful login |
| login_challenge | string | No | OAuth2 login challenge (for OAuth authorization flows) |
| organization_id | string | No | Restrict login to a specific organization |
| aal | string | No | Required assurance level: aal1, aal2, aal3, highest_available |

Example Request

curl "https://api-id.avnology.net/v1/flows/login?return_to=https://app.acme.com/dashboard" \
  -H "Accept: application/json"

With organization restriction:

curl "https://api-id.avnology.net/v1/flows/login?organization_id=org_7a2b3c4d&aal=aal1" \
  -H "Accept: application/json"

Response

Success (200 OK)

{
  "id": "f1a2b3c4-d5e6-7890-abcd-ef1234567890",
  "type": "login",
  "state": "choose_method",
  "expires_at": "2026-04-08T12:30:00Z",
  "issued_at": "2026-04-08T12:00:00Z",
  "return_to": "https://app.acme.com/dashboard",
  "organization_id": "",
  "active": "",

Understanding UI Nodes

The ui.nodes array contains everything needed to render the login form:

| Node Group | Description |
|---|---|
| default | Hidden fields (CSRF token) -- always include when submitting |
| password | Email/password form fields and submit button |
| oidc | Social login buttons (Google, GitHub, Microsoft, etc.) |
| webauthn | Passkey/WebAuthn trigger button |
| code | Passwordless email/SMS code fields |
| passkey | Passkey API flow (for mobile native apps) |

Include each node's attributes.name and attributes.value in the form submission. Group nodes by their group value to render each authentication method in its own UI section.
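
The following is an added example, not code from the Avnology documentation or SDK: it groups `ui.nodes` by `group`, refuses to use an expired flow, and builds a submission that always carries the hidden `default` fields unchanged. The sample flow, the field names (`csrf_token`, `identifier`, `password`, `provider`) and the flat name-to-value body shape are assumptions.

```javascript
// Constructed sample flow. Only ui.nodes, group, attributes.name/value and
// expires_at appear on the page; field names and values here are assumptions.
const sampleFlow = {
  id: 'f1a2b3c4-d5e6-7890-abcd-ef1234567890',
  expires_at: '2026-04-08T12:30:00Z',
  ui: {
    nodes: [
      { group: 'default', attributes: { name: 'csrf_token', value: 'constructed-token' } },
      { group: 'password', attributes: { name: 'identifier', value: '' } },
      { group: 'password', attributes: { name: 'password', value: '' } },
      { group: 'oidc', attributes: { name: 'provider', value: 'google' } },
    ],
  },
};

// Bucket nodes by group so each method renders in its own UI section.
// A Map avoids surprises if a group name collides with an Object property.
function groupNodes(flow) {
  const groups = new Map();
  for (const node of flow.ui.nodes) {
    if (!groups.has(node.group)) groups.set(node.group, []);
    groups.get(node.group).push(node);
  }
  return groups;
}

// Build the submission for one method (flat name -> value body is an assumption).
function buildSubmission(flow, method, userInput, now = new Date()) {
  // Refuse to submit a stale flow; the API answers 410 for expired flows.
  if (now >= new Date(flow.expires_at)) {
    throw new Error('login flow expired; create a new one');
  }
  const groups = groupNodes(flow);
  if (method === 'default' || !groups.has(method)) {
    throw new Error(`login method not offered by this flow: ${method}`);
  }
  const body = {};
  // Hidden `default` fields (CSRF token) are copied verbatim from the server.
  for (const { attributes } of groups.get('default') || []) {
    body[attributes.name] = attributes.value;
  }
  // User input may only fill fields of the chosen group, never hidden ones.
  for (const { attributes } of groups.get(method)) {
    const supplied = Object.prototype.hasOwnProperty.call(userInput, attributes.name);
    body[attributes.name] = supplied ? userInput[attributes.name] : attributes.value;
  }
  return body;
}
```

Because user input is only applied to fields of the selected group, a caller-supplied value for a hidden field cannot replace the server-issued CSRF token.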

Errors

| Status | Code | Description |
|---|---|---|
| 400 | AVNOLOGY_AUTH_902 | Invalid query parameters |
| 410 | AVNOLOGY_AUTH_009 | Flow expired (if fetching an old flow) |

Code Examples

JavaScript (fetch)

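async function createLoginFlow(returnTo) {
  const url = new URL('https://api-id.avnology.net/v1/flows/login');
  if (returnTo) url.searchParams.set('return_to', returnTo);

  const response = await fetch(url, {
    headers: { 'Accept': 'application/json' },
  });
  // Surface 4xx/5xx responses (e.g. 400 for invalid query parameters).
  if (!response.ok) throw new Error(`Failed to create login flow: ${response.status}`);
  return response.json();
}
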
Python (httpx)

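import httpx

def create_login_flow(return_to: str | None = None) -> dict:
    params = {}
    if return_to:
        params["return_to"] = return_to
    # Request the flow as JSON; raise on 4xx/5xx (e.g. 400 invalid parameters).
    response = httpx.get("https://api-id.avnology.net/v1/flows/login",
                         params=params, headers={"Accept": "application/json"})
    response.raise_for_status()
    return response.json()
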
Go (net/http)

func createLoginFlow(ctx context.Context, returnTo string) (*AuthFlow, error) {
	u, _ := url.Parse(

  • Submit Login -- submit credentials to complete login
  • Create Registration Flow -- create a new account instead
  • Get Session -- validate an existing session
  • SDK: client.auth.createLoginFlow() (TypeScript), client.Auth.CreateLoginFlow() (Go)