This will provide a link the caller can use to launch an external portal with a short lived password portal can use to authenticate the user. The launch request looks up the base URL from external.links.config and adds ?token= to it. The portal can then use this token to call back to the login passing just the token in the password field in order to get a JWT for the user that can then be renewed as usual.