POST https://{tenanturl}/v1.0/socialjwt/exchange
This API generates an IBM Security Verify access token in exchange for an access token from a social identity provider. The social provider's token must be included in a JWT containing the following claims.
If the access token is not available, a "userinfo" claim may be passed in instead of a token. The signed JWT is proof of valid login. The claims should be similar to the id_token claims.
Name | Description | Optional | Valid Values |
---|---|---|---|
plat | Social network platform that issued the token | false | |
sub | Principal subject identifier at the social network | false | user unique identifier on the social platform |
token | The access token issued by the platform | false | valid access token issued by the social platform |
iss | issuer of the JWT token used to invoke the token exchange API | false | any uri |
typ | Type of the JWT token | false | urn:com:ibm:cloudidentity:social |
exp | The expiration time after which the JWT will not be accepted. Format is seconds since epoch | true | 1594123601 |
userinfo | A JSON object that contains the user info claims. These are the claims used to search for the user and, optionally, to create the user. The only required claim is the attribute configured to be the user unique identifier. If this claim is included, the "token" claim is ignored. | true | {"plat": "plat", ..., "userinfo": { "email": "[email protected]"}} |
<attribute name> | A user claim that will be added to the resulting credential. The attribute name must be configured in the attribute mappings in the identity source. | true | The value to be added to the cred attribute |
These are the claims expected when the previous call returned a 400 requesting a missing attribute:
Name | Description | Optional | Valid Values |
---|---|---|---|
plat | Social network platform that issued the token | false | |
state_id | The state_id returned from the previous request | false | 1231424525 |
eg: phone_number | Should be the name of the missing attribute returned from the previous call. Ex: the first call returned a 400 with missingAttrName = phone_number. The Name would be phone_number. | false | The value of the missing attribute, ex: the phone number |
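
The two claim sets in the tables above, assembled and signed in Python. This is an added example, not code from IBM's documentation or SDKs. The function names, the 300-second `ttl` and the HS256 signing step with a shared key are assumptions; sign with the algorithm and key your identity source is configured to trust.

```python
import base64, hashlib, hmac, json, time

SOCIAL_TYP = "urn:com:ibm:cloudidentity:social"  # fixed "typ" value from the claims table

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def exchange_claims(plat, sub, iss, token=None, userinfo=None, attributes=None, ttl=300, now=None):
    """Claim set for the first exchange call (first table)."""
    for name, value in (("plat", plat), ("sub", sub), ("iss", iss)):
        if not value:
            raise ValueError(f"required claim {name!r} is missing")
    if token is None and not userinfo:
        raise ValueError("supply either 'token' or a non-empty 'userinfo' object")
    claims = {"plat": plat, "sub": sub, "iss": iss, "typ": SOCIAL_TYP}
    if userinfo:
        if not isinstance(userinfo, dict):
            raise ValueError("'userinfo' must be a JSON object")
        claims["userinfo"] = userinfo  # "token" is ignored when userinfo is present, so omit it
    else:
        claims["token"] = token
    # "exp" is optional; setting it bounds how long the JWT will be accepted
    claims["exp"] = int(now if now is not None else time.time()) + ttl
    reserved = set(claims) | {"token", "userinfo", "state_id"}
    for name, value in (attributes or {}).items():
        if name in reserved:
            raise ValueError(f"attribute {name!r} collides with a reserved claim")
        claims[name] = value  # must be configured in the identity source attribute mappings
    return claims

def followup_claims(plat, state_id, attr_name, attr_value):
    """Claim set for the retry after a 400 that named a missing attribute (second table)."""
    if not plat or not state_id or not attr_name:
        raise ValueError("plat, state_id and the attribute name are required")
    return {"plat": plat, "state_id": state_id, attr_name: attr_value}

def sign_hs256(claims, key: bytes) -> str:
    """Compact JWS. HS256 with a shared key is an assumption, not stated by the API page."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, claims))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"

if __name__ == "__main__":  # constructed sample values, not real identifiers
    c = exchange_claims("example-platform", "user-123", "https://app.example.com",
                        userinfo={"email": "user@example.com"})
    print(sign_hs256(c, b"constructed-demo-key"))
```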