UserinfoΒΆ

The userinfo endpoint is an OIDC/OAuth protected resource where client applications can retrieve claims, or assertions, about the logged in end-user. Clients must present a valid access token to retrieve the userinfo claims.

The userinfo endpoint is:

Example of a userinfo response:

GET /openid/userinfo HTTP/1.1
Authorization: Bearer 0f0935c3-a997-40fb-89c2-f7da126ba5d9

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8

{
    "sub": "76a7a061-3c55-430d-8ee0-6f82ec42501f",
    "dataporten-userid_sec": [
        "feide:andreas@uninett.no"
    ],
    "name": "Andreas \u00c5kre Solberg",
    "email": "andreas.solberg@uninett.no",
    "email_verified": true,
    "picture": "https://api.dataporten.no/userinfo/v1/user/media/p:a3019954-902f-45a3-b4ee-bca7b48ab507"
}

The set of information that will be available from userinfo depends on which scopes the client has authorized and requested in the authorization request.

connect-userid_sec
Included for backward compatibility. Same as dataporten-userid_sec.
dataporten-userid_sec

Secondary user IDs, e.g. Feide identifier.

The scopes userid-feide, userid-nin, userid-social and eidas determine what information is included here.

email
Email address of the authenticated user. Requires the email scope.
email_verified
true if email is included.
name
The name of the authenticated user. Requires the profile scope.
picture
A picture of the authenticated user, if available. Requires the profile scope.
sub
The internal ID of the authenticated user. This ID is stable but opaque, not releasing any additional information about the user. Always included.