Exchange a valid bearer token for an authenticated browser session.

This endpoint takes an authentication bearer token in the header, or as the query parameter “access_token”.

It uses “scoped=true” as a query parameter optionally. When “scoped=true” is given, the cookie created is used to login to app-scoped applications. If “scoped=true” is not given, the cookie created is used to log in to nonapp-scoped applications.

It uses “redirect_url” as a query parameter optionally. When “redirect_url” is given, the call redirects to the redirect URL with the authenticated session.