4.7 UserInfo Endpoint

The UserInfo endpoint returns the Resource Owner's claims. A client sends a request to the UserInfo endpoint with a valid access token and receives the claims that the Resource Owner has authorized to be shared.

Endpoint URL: https://<Identity Server URL: Port Number>/nidp/oauth/nam/userinfo

Request method: GET and POST

4.7.1 Request Parameters

Clients or resource servers call the UserInfo endpoint by including the access token in the Authorization header, as shown below:

Authorization: Bearer access_token

4.7.2 Response Values

The UserInfo endpoint returns the claims associated with the access token in a JSON object as given in the response values.

Parameter    Description
sub          Unique ID identifying the subject. This is the GUID of the user.

The other claims are included as values in the JSON object if the access token contains the necessary scope and the user has authorized the client to access the claim.

For example, if the client has requested the "email" scope, the UserInfo endpoint returns the following value along with the "sub" field:

"email" : "alice@c.com"

 

4.7.3 Sample Request and Response

Request:

GET /nidp/oauth/nam/userinfo HTTP/1.1
User-Agent: curl/7.41.0
Host: www.idp.com:8443
Accept: */*
Authorization: Bearer /wEBAA.............DSDG

Response:

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/json
Content-Length: 73
Date: Thu, 19 Mar 2018 16:14:52 GMT

{
 "sub": "6adb7ca411d5a14c94946adb7ca411d5",
 "email": "alice@a.com"
}
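
The following Python is an added example, not taken from the product documentation or its code: it builds the bearer request for the UserInfo endpoint and validates the response before its claims are trusted. The host name, the function names, and the optional expected_sub check (the "sub" of an ID token the client already holds, which OpenID Connect requires to match) are assumptions.

```python
import json
import urllib.request

USERINFO_PATH = "/nidp/oauth/nam/userinfo"  # path from the page

# Sample response body copied from the 4.7.3 example on this page.
SAMPLE_BODY = '{"sub": "6adb7ca411d5a14c94946adb7ca411d5", "email": "alice@a.com"}'

class UserInfoError(Exception):
    """Raised when the request or response must not be trusted."""

def build_userinfo_request(base_url, access_token):
    """Return a GET request carrying the token in the Authorization header."""
    if not base_url.lower().startswith("https://"):
        raise UserInfoError("refusing to send a bearer token without TLS")
    if not access_token or any(c.isspace() for c in access_token):
        raise UserInfoError("access token is empty or contains whitespace")
    return urllib.request.Request(
        base_url.rstrip("/") + USERINFO_PATH,
        headers={"Authorization": "Bearer " + access_token,
                 "Accept": "application/json"},
        method="GET",
    )

def parse_userinfo(status, content_type, body, expected_sub=None):
    """Validate a UserInfo response and return its claims as a dict."""
    if status != 200:
        raise UserInfoError("unexpected HTTP status %d" % status)
    if content_type.split(";")[0].strip().lower() != "application/json":
        raise UserInfoError("unexpected Content-Type %r" % content_type)
    try:
        claims = json.loads(body)
    except ValueError as exc:
        raise UserInfoError("body is not valid JSON") from exc
    if not isinstance(claims, dict):
        raise UserInfoError("body is not a JSON object")
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        raise UserInfoError("missing or malformed 'sub' claim")
    # Assumption: the caller passes the sub of an ID token it already holds.
    if expected_sub is not None and sub != expected_sub:
        raise UserInfoError("'sub' does not match the authenticated user")
    return claims

if __name__ == "__main__":
    # idp.example.com and the token are constructed placeholders.
    req = build_userinfo_request("https://idp.example.com:8443", "constructed-token")
    print(req.get_method(), req.full_url)
    print(parse_userinfo(200, "application/json", SAMPLE_BODY))
```

Claims other than "sub" appear only when the token's scope and the user's consent allow them, so callers should treat every other key as optional.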