> ## Documentation Index
> Fetch the complete documentation index at: https://docs.alforse.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Autenticación

> Autenticación de tenant: tokens, login, MFA, passkeys, SSO, invitaciones y reset.

Los endpoints públicos de autenticación emiten tokens de tenant. Los demás requieren `Authorization: Bearer accessToken`.

| Endpoint                               | Cuerpo/parámetros                                                    | Permiso        |
| -------------------------------------- | -------------------------------------------------------------------- | -------------- |
| `POST /auth/register`                  | `tenantName, tenantSlug, adminName, email, password, turnstileToken` | `Public`       |
| `POST /auth/redeem`                    | `code, tenantName, tenantSlug, adminName, email, password`           | `Public`       |
| `POST /auth/login`                     | `tenantSlug, email, password, mfaCode/emailCode, turnstileToken`     | `Public`       |
| `POST /auth/login/resolve`             | `email`                                                              | `Public`       |
| `POST /auth/login/mfa/email`           | `tenantSlug, email, password`                                        | `Public`       |
| `POST /auth/refresh`                   | `refreshToken or cookie`                                             | `Public`       |
| `POST /auth/logout`                    | `refresh token`                                                      | `bearer token` |
| `GET /auth/me`                         | —                                                                    | `bearer token` |
| `PATCH /auth/preferences`              | `language, locale, timezone, currency, formats`                      | `bearer token` |
| `PATCH /auth/profile`                  | `name, nameProfile`                                                  | `bearer token` |
| `GET /auth/mfa/status`                 | —                                                                    | `bearer token` |
| `POST /auth/mfa/enroll/start`          | —                                                                    | `bearer token` |
| `POST /auth/mfa/enroll/confirm`        | `secret, code`                                                       | `bearer token` |
| `POST /auth/mfa/disable`               | `code`                                                               | `bearer token` |
| `GET /auth/passkeys`                   | —                                                                    | `bearer token` |
| `POST /auth/passkeys/register/options` | —                                                                    | `bearer token` |
| `POST /auth/passkeys/register/verify`  | `response, label`                                                    | `bearer token` |
| `DELETE /auth/passkeys/:id`            | `id`                                                                 | `bearer token` |
| `POST /auth/passkeys/login/options`    | `email, tenantSlug, turnstileToken`                                  | `Public`       |
| `POST /auth/passkeys/login/verify`     | `flowId, response`                                                   | `Public`       |
| `GET /auth/sso/providers`              | `tenantSlug`                                                         | `Public`       |
| `GET /auth/sso/:provider/start`        | `tenantSlug, next, client`                                           | `Public`       |
| `GET /auth/sso/:provider/callback`     | `provider callback`                                                  | `Public`       |
| `POST /auth/sso/exchange`              | `code`                                                               | `Public`       |
| `POST /auth/invitations/accept`        | `token, tenantSlug, name, password, turnstileToken`                  | `Public`       |
| `POST /auth/password-reset/request`    | `tenantSlug, email, turnstileToken`                                  | `Public`       |
| `POST /auth/password-reset/confirm`    | `token, tenantSlug, password, turnstileToken`                        | `Public`       |
