Attributes for specific users

Information about specific Feide users is available through this API. The information is fetched from Feide directories. In order to access the API, a number of requirements have to be met.

The API only supports looking up Feide accounts. It cannot be used to retrieve information about, for example, guest users or users logging in using ID-Porten.

Note

This API is intended for retrieving user attributes. If your service only needs to check whether a user exists, use the dedicated check user existence API with the narrower system-check-user-existence scope instead.

API endpoint

The API supports looking up the information of a user by providing either a Feide ID or a sub. The structure of the output is the same for both variants.

https://api.dataporten.no/userinfo/v1/lookup/{identifier}

Examples

The examples below are for the testuser asbjorn_elevg@testusers.feide.no. This user can be identified by the values:

• Feide ID: feide:asbjorn_elevg@testusers.feide.no

• sub: af761fdb-71fa-484b-9782-ababdc739559

The following API calls rely on an access token with the scopes system-all-users, userid-feide and userinfo-name.

Lookup by Feide ID

To look up this user by their Feide ID feide:asbjorn_elevg@testusers.feide.no, make the following call:

curl -sSLf -H 'Authorization: Bearer ....' \
'https://api.dataporten.no/userinfo/v1/lookup/feide%3Aasbjorn_elevg%40testusers.feide.no'

Lookup by sub

To look up this user by their sub af761fdb-71fa-484b-9782-ababdc739559, make the following call:

curl -sSLf -H 'Authorization: Bearer ....' \
'https://api.dataporten.no/userinfo/v1/lookup/af761fdb-71fa-484b-9782-ababdc739559'

Output

In both cases this will give the following output:

{
    "cn": [
        "Asbj\u00f8rn ElevG Hansen"
    ],
    "displayName": "Asbj\u00f8rn ElevG Hansen",
    "eduPersonPrincipalName": "asbjorn_elevg@testusers.feide.no",
    "givenName": [
        "Asbj\u00f8rn ElevG"
    ],
    "sn": [
        "Hansen"
    ],
    "uid": [
        "asbjorn_elevg"
    ]
}

Parameters

identifier

The identifier path parameter specifies the target user. This parameter accepts the following identifiers:

• Feide ID: A Feide account identifier prefixed with feide:, e.g. feide:user@kommune.test.

• sub: An OpenID Connect subject identifier as a UUID, e.g. 20aa6dfc-9725-4c70-9963-4d31894970fb.

The identifier must be percent encoded as specified in the rules for path segments in RFC 3986.

Example:

feide%3Auser%40kommune.test

Return values

The API returns a JSON object with data from Feide directories. The keys in the returned object are the attribute names. The available attributes page lists the attributes that may be included in the response and the attribute groups required to access them.

Errors

The API returns 403 Forbidden when the requirements below aren’t met.

It returns 404 Not Found when the user cannot be found.

Requirements for accessing the API

• The service must have the system-all-users scope.

• The access token must have been obtained using the client credentials flow.

• The service must have been activated for one of the organization units the user belongs to or the entire organization.