1. Authentication interfaces

There are different authentication controllers.


This controller is used to authenticate simple credentials of event or time based tokens. I.e. the controller has functions like check, check_s, simplecheck… to basically take a username and password to authenticate this user.

The validate controller is also used for challenge response authentication. See Challenge Response for this behaviour.

The methods are called as a HTTP GET/POST request and the described parameters are added as HTTP parameters.

The response of the HTTP Request will usually be a JSON object.


To every authentication controller you can add the parameter httperror followed by an HTTP error code. If LinOTP would return HTTP 200/OK with status: false in the JSON response indicating an internal error then LinOTP will instead return a e.g. HTTP 500 error code.