Rate this page

UserInfo Endpoint

The UserInfo endpoint is a simple read-only interface defined by the OpenID Connect standard for providing access to user profile data. It returns a set of claims (in this case, attributes) about the user that is the subject of the client’s access token.

UserInfo request

GET /userinfo

The client must use HTTP bearer token authentication to authenticate itself to the UserInfo endpoint. The bearer token must include the openid scope and must not be an application token (i.e., it must be associated with an authenticated user).

Example request:

GET /userinfo HTTP/1.1
Accept: application/json
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJraWQiOi...
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Host: example.com:443

UserInfo response

The UserInfo response will contain a varying set of attributes — also called claims — for the user, depending on the scopes granted by the bearer token. The OpenID Connect specification defines a number of standard claims in section 5.1, but these claims are customizable. The following table lists some typically used standard claims.

Claim Type Provided? Description
sub string always The unique ID of the user for whom the token was granted. Takes the form of <resource type>/<unique ID>.
name string The end user’s full name.
given_name string The end user’s given or first name.
family_name string The end user’s family or last name.
preferred_username string The end user’s username.
email string The end user’s email address.
phone_number string The end user’s phone number.
updated_at number An integer timestamp, measured in the number of seconds since January 1, 1970 UTC, which indicates when the end user’s profile was last updated.

Example response:

HTTP/1.1 200 OK
Content-Length: 136
Content-Type: application/json
Date: Tue, 19 Apr 2016 01:09:37 GMT

    "email": "ellen.runciter@ubik.com", 
    "preferred_username": "ellen",
    "sub": "Users/b3e608fb-f3ca-4e07-9549-8cc0002899b9", 
    "updated_at": 1461028153