Last updated 2026-05-20
Use this for a login response, a session-bootstrap call, or a refresh-token flow. The shape covers the authenticated user payload plus a short-lived access token and a long-lived refresh token.
{
"id": 1,
"username": "emilys",
"email": "emily.johnson@x.example",
"firstName": "Emily",
"lastName": "Johnson",
"gender": "female",
"image": "https://jsonexamples.com/image/200?text=User+1",
"accessToken": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNzAwMDAwMDAwfQ.signature",
"refreshToken": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNzAwMDAwMDAwfQ.refresh"
}fetch('https://jsonexamples.com/auth/login', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ username: 'emilys', password: 'emilyspass' })
})
.then(r => r.json())
.then(session => console.log(session.accessToken));const { data: session } = await axios.post('https://jsonexamples.com/auth/login', {
username: 'emilys',
password: 'emilyspass'
});curl -X POST https://jsonexamples.com/auth/login \
-H 'Content-Type: application/json' \
-d '{"username":"emilys","password":"emilyspass"}'session = requests.post(
'https://jsonexamples.com/auth/login',
json={'username': 'emilys', 'password': 'emilyspass'},
timeout=5
).json()const res = await fetch('https://jsonexamples.com/auth/login', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ username: 'emilys', password: 'emilyspass' })
});
const session = await res.json();Same shape, returned by POST /auth/refresh.
{
"accessToken": "eyJhbGciOiJIUzI1NiJ9.new.accesstoken",
"refreshToken": "eyJhbGciOiJIUzI1NiJ9.new.refreshtoken"
}Returned when you call /auth/me with the Bearer token attached.
{
"id": 1,
"username": "emilys",
"email": "emily.johnson@x.example",
"firstName": "Emily",
"lastName": "Johnson"
}Matching error envelope; see the 401 Unauthorized example for the full shape.
{
"message": "Invalid credentials",
"code": "auth/invalid_credentials"
}Generated starting points for TypeScript, JSON Schema, and Zod. Refine before shipping to production.
export interface AuthSession {
"id": number;
"username": string;
"email": string;
"firstName": string;
"lastName": string;
"gender": string;
"image": string;
"accessToken": string;
"refreshToken": string;
}{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "AuthSession",
"type": "object",
"properties": {
"id": {
"type": "integer"
},
"username": {
"type": "string"
},
"email": {
"type": "string"
},
"firstName": {
"type": "string"
},
"lastName": {
"type": "string"
},
"gender": {
"type": "string"
},
"image": {
"type": "string"
},
"accessToken": {
"type": "string"
},
"refreshToken": {
"type": "string"
}
},
"required": [
"id",
"username",
"email",
"firstName",
"lastName",
"gender",
"image",
"accessToken",
"refreshToken"
],
"additionalProperties": false
}import { z } from 'zod';
export const AuthSessionSchema = z.object({
id: z.number(),
username: z.string(),
email: z.string(),
firstName: z.string(),
lastName: z.string(),
gender: z.string(),
image: z.string(),
accessToken: z.string(),
refreshToken: z.string()
});
export type AuthSession = z.infer<typeof AuthSessionSchema>;