This API allows IBM Security Verify access token to be generated by sending an access token from a social identity provider. The token must be included in a JWT containing the following claims.
If the access token is not available, a "userinfo" claim may be passed in instead of a token. The signed JWT is proof of valid login. The claims should be similar to the id_token claims.

NameDescriptionOptionalValid ValuesplatSocial network platform that issed the tokenfalsewechatsubPrincipal subject identifier at the social networkfalseuser unique identifier on the social platformtokenThe access token issued by the platformfalsevalid access token issued by the social platformississuer of the JWT token used to invoke the token exchange APIfalseany uritypType of the JWT tokenfalseurn:com:ibm:cloudidentity:socialexpThe expiration time after which the JWT will not be accepted. Format is seconds since epochtrue1594123601userinfoA JSON object that contains the user info claims. These are the claims used to search for the user and optionally create. The only required claim is the attribute configured to be the user unique identifier. If this claim is included the "token" claim is ignored.true{"plat": "plat", ..., "userinfo": { "email": "[email protected]"}}<attribute name>A user claim that will be added to the resulting credential. The attribute name must be configured in the attribute mappings in the identity source.trueThe value to be added to the cred attribute
These are the claims expected when the previous call returned a 400 requesting a missing attribute
NameDescriptionOptionalValid ValuesplatSocial network platform that issed the tokenfalsewechatstate_idThe state_id returned from the previous requestfalse1231424525eg: phone_numberShould be the name of the missing attribute returned from the previous call.
Ex: the first call returned a 400 with missingAttrName = phone_number. The Name would be phone number.falseThe value of the missing attribute, ex: the phone number