Exchange an Intermediate Session for a fully realized Member Session for the Organization that the user wishes to log into.
This endpoint can be used to accept invites and JIT Provision into a new Organization on the basis of the user's email domain or OAuth tenant.
If the user has already satisfied the authentication requirements of the Organization they are trying to exchange into and logged in with a method that verifies their email address, this API will return member_authenticated: true and a session_token and session_jwt.
If the user has not satisfied the primary or secondary authentication requirements of the Organization they are attempting to exchange into or is JIT Provisioning but did not log in via a method that provides email verification, this API will return member_authenticated: false and an intermediate_session_token.
If primary_required is returned, prompt the user to fulfill the Organization's auth requirements using the options returned in primary_required.allowed_auth_methods.
If primary_required is null and mfa_required is set, check mfa_required.member_options to determine if the Member has SMS OTP or TOTP set up for MFA and prompt accordingly. If the Member has SMS OTP, check mfa_required.secondary_auth_initiated to see if the OTP has already been sent.
Include the intermediate_session_token returned above when calling the authenticate() method that the user needed to perform. Once the user has completed the authentication requirements they were missing, they will be granted a full session_token and session_jwt to indicate they have successfully logged into the Organization.
The intermediate_session_token can also be used with the Create Organization via Discovery endpoint to create a new Organization instead of joining an existing one.