Finalize SAML authentication | API Reference

Authorization

Descope Project ID

AuthorizationBearer <token>

Project ID as bearer token.

In: header

Request Body

application/json

code?string

Finalize SAML authentication

curl -X POST "https://api.descope.com/v1/auth/saml/exchange" \
  -H "Content-Type: application/json" \
  -d '{}'

curl -X POST "https://api.descope.com/v1/auth/saml/exchange" \  -H "Content-Type: application/json" \  -d '{}'

ResponseOK

{
  "sessionJwt": "string",
  "refreshJwt": "string",
  "cookieDomain": "string",
  "cookiePath": "string",
  "cookieMaxAge": 0,
  "cookieExpiration": 0,
  "user": {
    "loginIds": [
      "string"
    ],
    "userId": "string",
    "name": "string",
    "email": "string",
    "phone": "string",
    "verifiedEmail": true,
    "verifiedPhone": true,
    "roleNames": [
      "string"
    ],
    "userTenants": [
      {
        "tenantId": "string",
        "roleNames": [
          "string"
        ],
        "tenantName": "string",
        "permissions": [
          "string"
        ]
      }
    ],
    "status": "string",
    "externalIds": [
      "string"
    ],
    "picture": "string",
    "test": false,
    "customAttributes": {
      "attribute-key": "attribute-value"
    },
    "createdTime": 0,
    "TOTP": false,
    "SAML": false,
    "OAuth": {
      "property1": false,
      "property2": false
    },
    "webauthn": true,
    "password": true,
    "ssoAppIds": [
      "string"
    ],
    "givenName": "string",
    "middleName": "string",
    "familyName": "string",
    "editable": true,
    "SCIM": true,
    "push": true,
    "permissions": [
      "string"
    ],
    "OIDC": true,
    "consentExpiration": 0
  },
  "firstSeen": true,
  "idpResponse": {
    "samlResponse": "string",
    "samlGeneratedUser": "string",
    "samlGeneratedRoles": "string",
    "oidcResponse": "string",
    "oidcGeneratedUser": "string",
    "oidcGeneratedRoles": "string",
    "idpGroups": [
      "string"
    ],
    "idpSAMLAttributes": false,
    "idpOIDCClaims": {}
  },
  "sessionExpiration": 0,
  "externalToken": "string",
  "claims": {},
  "tenantSSOID": "string",
  "trustedDeviceJwt": "string",
  "nextRefreshSeconds": 0,
  "cookieName": "string",
  "sessionCookieName": "string",
  "sessionCookieDomain": "string"
}

{  "sessionJwt": "string",  "refreshJwt": "string",  "cookieDomain": "string",  "cookiePath": "string",  "cookieMaxAge": 0,  "cookieExpiration": 0,  "user": {    "loginIds": [      "string"    ],    "userId": "string",    "name": "string",    "email": "string",    "phone": "string",    "verifiedEmail": true,    "verifiedPhone": true,    "roleNames": [      "string"    ],    "userTenants": [      {        "tenantId": "string",        "roleNames": [          "string"        ],        "tenantName": "string",        "permissions": [          "string"        ]      }    ],    "status": "string",    "externalIds": [      "string"    ],    "picture": "string",    "test": false,    "customAttributes": {      "attribute-key": "attribute-value"    },    "createdTime": 0,    "TOTP": false,    "SAML": false,    "OAuth": {      "property1": false,      "property2": false    },    "webauthn": true,    "password": true,    "ssoAppIds": [      "string"    ],    "givenName": "string",    "middleName": "string",    "familyName": "string",    "editable": true,    "SCIM": true,    "push": true,    "permissions": [      "string"    ],    "OIDC": true,    "consentExpiration": 0  },  "firstSeen": true,  "idpResponse": {    "samlResponse": "string",    "samlGeneratedUser": "string",    "samlGeneratedRoles": "string",    "oidcResponse": "string",    "oidcGeneratedUser": "string",    "oidcGeneratedRoles": "string",    "idpGroups": [      "string"    ],    "idpSAMLAttributes": false,    "idpOIDCClaims": {}  },  "sessionExpiration": 0,  "externalToken": "string",  "claims": {},  "tenantSSOID": "string",  "trustedDeviceJwt": "string",  "nextRefreshSeconds": 0,  "cookieName": "string",  "sessionCookieName": "string",  "sessionCookieDomain": "string"}

TypeScript

/**
 * NOTE: if you add a new field to this message, also add it to the OptionalJWTResponse message
 */
export interface Response {
sessionJwt?: string
refreshJwt?: string
cookieDomain?: string
cookiePath?: string
cookieMaxAge?: number
cookieExpiration?: number
user?: ResponseUser
firstSeen?: boolean
idpResponse?: IDPResponse
sessionExpiration?: number
externalToken?: string
claims?: {

}
tenantSSOID?: string
trustedDeviceJwt?: string
nextRefreshSeconds?: number
cookieName?: string
sessionCookieName?: string
sessionCookieDomain?: string
}
export interface ResponseUser {
loginIds?: string[]
userId?: string
name?: string
email?: string
phone?: string
verifiedEmail?: boolean
verifiedPhone?: boolean
roleNames?: string[]
userTenants?: UserTenants[]
status?: string
externalIds?: string[]
picture?: string
test?: boolean
/**
 * Custom attributes as key-value pairs. Keys must be strings; values can be strings, numbers, booleans, or arrays.
 */
customAttributes?: {
[k: string]: string
}
createdTime?: number
TOTP?: boolean
SAML?: boolean
OAuth?: {
[k: string]: boolean
}
webauthn?: boolean
password?: boolean
ssoAppIds?: string[]
givenName?: string
middleName?: string
familyName?: string
editable?: boolean
SCIM?: boolean
push?: boolean
permissions?: string[]
OIDC?: boolean
consentExpiration?: number
}
export interface UserTenants {
tenantId?: string
roleNames?: string[]
tenantName?: string
permissions?: string[]
}
export interface IDPResponse {
samlResponse?: string
samlGeneratedUser?: string
samlGeneratedRoles?: string
oidcResponse?: string
oidcGeneratedUser?: string
oidcGeneratedRoles?: string
idpGroups?: string[]
idpSAMLAttributes?: boolean
idpOIDCClaims?: {

}
}

/** * NOTE: if you add a new field to this message, also add it to the OptionalJWTResponse message */export interface Response {sessionJwt?: stringrefreshJwt?: stringcookieDomain?: stringcookiePath?: stringcookieMaxAge?: numbercookieExpiration?: numberuser?: ResponseUserfirstSeen?: booleanidpResponse?: IDPResponsesessionExpiration?: numberexternalToken?: stringclaims?: {}tenantSSOID?: stringtrustedDeviceJwt?: stringnextRefreshSeconds?: numbercookieName?: stringsessionCookieName?: stringsessionCookieDomain?: string}export interface ResponseUser {loginIds?: string[]userId?: stringname?: stringemail?: stringphone?: stringverifiedEmail?: booleanverifiedPhone?: booleanroleNames?: string[]userTenants?: UserTenants[]status?: stringexternalIds?: string[]picture?: stringtest?: boolean/** * Custom attributes as key-value pairs. Keys must be strings; values can be strings, numbers, booleans, or arrays. */customAttributes?: {[k: string]: string}createdTime?: numberTOTP?: booleanSAML?: booleanOAuth?: {[k: string]: boolean}webauthn?: booleanpassword?: booleanssoAppIds?: string[]givenName?: stringmiddleName?: stringfamilyName?: stringeditable?: booleanSCIM?: booleanpush?: booleanpermissions?: string[]OIDC?: booleanconsentExpiration?: number}export interface UserTenants {tenantId?: stringroleNames?: string[]tenantName?: stringpermissions?: string[]}export interface IDPResponse {samlResponse?: stringsamlGeneratedUser?: stringsamlGeneratedRoles?: stringoidcResponse?: stringoidcGeneratedUser?: stringoidcGeneratedRoles?: stringidpGroups?: string[]idpSAMLAttributes?: booleanidpOIDCClaims?: {}}

Was this helpful?