Verifies that the external IdP user exists in Wristband and is active. For verification to succeed, the Wristband user must be associated with the same IdP as the one the user authenticated against. Likewise, the Wristband user's externalId field must match the primary identifier of the user from the external IdP. The primary identifier of an external IdP user is extracted from the subject claim for OIDC-based IdPs and the NameID attribute for SAML-based IdPs.
If verification succeeds, several responses can be returned. Please refer to the result response field description to see the different types of responses that can be returned.
If verification fails because a Wristband user can't be found with a matching externalId then a 404 error is returned with a user_not_found error code. If a user is found with a matching externalId but their status is not ACTIVE, then a 400 error is returned with a user_not_active error code.
Required Permissions
Below is the list of required permissions needed to interact with this API. For each permission, the allowed permission boundaries are also specified.
| Permission | Boundary | Description |
|---|---|---|
| external-idp-login-workflow:execute | Application | The subject can perform this operation for requests associated with the application to which the subject belongs. |