### Exchange SSO SAML code for Descope user session This endpoint will exchange the unique SAML code (also called a token) for the Descope session information needed for managing the end user session. Call this endpoint from your code flow that responds to the `url` that was returned by the [Sign-In](/api/oauth/sign-up-sign-in) endpoint. The unique code `<unique-code\>` is appended as a URL parameter: `code=<unique-code\>`, for example, `url = https://sso.mycompany.com/mywork.htm?code=<unique-code\>`. ### Next Steps 1. Extract the unique code `<unique-code\>` from the URL parameter. 2. Call this endpoint, passing the `<unique-code\>` as the request parameter The response object includes the session JWT (sessionJwt) and refresh JWT (refreshJwt) when this endpoint completes successfully. ### See Also - See [The User Object](/api/overview#the-user-object) for further details on how to identify users and their contact information such as email addresses and phone number.