The Authenticate method wraps the Authenticate Password API endpoint. This endpoint verifies that the Member has a password currently set, and that the entered password is correct.
There are cases where this endpoint will return a reset_password error even if the password entered is correct. View our API Docs for complete details.
If this method succeeds, the Member will be logged in, granted an active session, and the session cookies will be minted and stored in the browser.
If there is a current Member Session, the SDK will call the endpoint with the session token. This will add the new factor to the existing Member Session.
If there is an intermediate session token, the SDK will call the endpoint with it. If the resulting set of factors satisfies the organization's primary authentication requirements and MFA requirements, the intermediate session token will be consumed and converted to a Member Session. If not, the same intermediate session token will be returned.
If this method succeeds and the Member is not required to complete MFA, the Member will be logged in, granted an active session, and the session data will be persisted on device.
If this method succeeds and MFA is required, the intermediate session token will be persisted on device.
You can listen for successful login events anywhere in the codebase with the stytch.session.onChange() method or useStytchMemberSession hook.