UserinfoΒΆ

The userinfo endpoint is an OIDC/OAuth protected resource where client applications can retrieve claims, or assertions, about the logged in end-user. Clients must present a valid access token to retrieve the userinfo claims.

The userinfo endpoint is:

Example of a userinfo response:

GET /openid/userinfo HTTP/1.1
Authorization: Bearer 0f0935c3-a997-40fb-89c2-f7da126ba5d9

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8

{
    "sub": "76a7a061-3c55-430d-8ee0-6f82ec42501f",
    "dataporten-userid_sec": [
        "feide:andreas@uninett.no"
    ],
    "name": "Andreas \u00c5kre Solberg",
    "email": "andreas.solberg@uninett.no",
    "email_verified": true,
    "picture": "https://api.dataporten.no/userinfo/v1/user/media/p:a3019954-902f-45a3-b4ee-bca7b48ab507"
}

The set of information that will be available from userinfo depends on which attribute groups the client has authorized and which scopes are requested in the authorization request.

connect-userid_sec

Included for backward compatibility. Same as dataporten-userid_sec.

dataporten-userid_sec

Secondary user IDs, e.g. Feide identifier.

The attribute groups userid-feide, userid-nin, userid-social and eidas determine what information is included here.

email

Email address of the authenticated user. Requires the email attribute group.

email_verified

true if email is included.

name

The name of the authenticated user. Requires the userinfo-name attribute group.

picture

A picture of the authenticated user, if available. Requires the userinfo-photo attribute group.

sub

The internal ID of the authenticated user. This ID is stable but opaque, not releasing any additional information about the user. Always included.