UserInfo Endpoint

Overview

The UserInfo Endpoint is defined in the OpenID Connect Core specification. It returns claims about the authenticated end-user, given a valid Access Token obtained via OpenID Connect.

It allows clients to retrieve claims (e.g., sub, name, email).

Endpoint

The endpoint is advertised as userinfo_endpoint in the metadata exposed by the discovery endpoint, and is typically:

GET https://[BASE_URL]/connect/userinfo

Authentication

  • Requires an Access Token that was issued with the openid scope.
  • The token is sent as a bearer token in the Authorization header:

Authorization: Bearer SlAV32hkKG

Response

A successful response is a JSON object containing user claims. Example:

{
   "sub": "6b3d5b7b-867b-4e34-98df-f1c8a9af37b9",
   "name": "Alice Adams",
   "given_name": "Alice",
   "family_name": "Adams",
   "preferred_username": "[email protected]",
   "email": "[email protected]",
   "email_verified": true
}

Usage Example

GET /connect/userinfo
Authorization: Bearer SlAV32hkKG

Security Considerations

  • Clients should request only the scopes they need (profile, email, phone, address) to avoid unnecessary data exposure.
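The following Python client shows both the call described under Usage Example and the scope discipline from Security Considerations. It is an added example, not code from the original page or from the identity provider it documents. It assumes the userinfo_endpoint value has already been read from the discovery document and that the ID token has already been validated so that its sub claim is available for the cross-check OpenID Connect Core requires (the sub returned by UserInfo must equal the sub in the ID token). The scope-to-claims table reproduces the standard mapping from OpenID Connect Core section 5.4; the sample response body and the alice@example.com address are constructed for this example.

```python
"""Client-side handling of an OpenID Connect UserInfo call (added example).

Assumptions: userinfo_endpoint comes from the already-fetched discovery
document, and expected_sub comes from an already-validated ID token.
"""
import json
import urllib.request

# Standard claims that each scope value releases (OpenID Connect Core 5.4).
SCOPE_CLAIMS = {
    "openid": {"sub"},
    "profile": {"name", "family_name", "given_name", "middle_name", "nickname",
                "preferred_username", "profile", "picture", "website", "gender",
                "birthdate", "zoneinfo", "locale", "updated_at"},
    "email": {"email", "email_verified"},
    "address": {"address"},
    "phone": {"phone_number", "phone_number_verified"},
}


def claims_exposed_by(scopes):
    """Return the set of standard claims a token with these scopes can release.

    Useful when deciding which scopes to request: anything not needed by the
    application should not be asked for, because it widens what UserInfo returns.
    """
    exposed = set()
    for scope in scopes:
        exposed |= SCOPE_CLAIMS.get(scope, set())
    return exposed


def build_userinfo_request(userinfo_endpoint, access_token):
    """Build the GET request as shown on the page: bearer token in the header."""
    if not userinfo_endpoint.startswith("https://"):
        # A bearer token sent over plain HTTP is exposed to anyone on the path.
        raise ValueError("userinfo_endpoint must use https")
    return urllib.request.Request(
        userinfo_endpoint,
        method="GET",
        headers={"Authorization": f"Bearer {access_token}",
                 "Accept": "application/json"},
    )


def validate_userinfo_response(body, expected_sub, granted_scopes):
    """Parse the UserInfo JSON and apply the client-side checks.

    - the body must be a JSON object
    - sub must be present and equal the sub from the validated ID token
    - claims outside the granted scopes are dropped (the user never consented
      to them, so the application should not rely on or store them)
    """
    claims = json.loads(body)
    if not isinstance(claims, dict):
        raise ValueError("UserInfo response is not a JSON object")
    sub = claims.get("sub")
    if not sub or sub != expected_sub:
        raise ValueError("sub in UserInfo response does not match the ID token")
    allowed = claims_exposed_by(granted_scopes)
    return {k: v for k, v in claims.items() if k in allowed}


def fetch_userinfo(userinfo_endpoint, access_token, expected_sub, granted_scopes):
    """Perform the call over the network and validate the result (not run offline)."""
    req = build_userinfo_request(userinfo_endpoint, access_token)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return validate_userinfo_response(resp.read(), expected_sub, granted_scopes)


# Constructed sample response, shaped like the page's example.
SAMPLE_BODY = b'''{
  "sub": "6b3d5b7b-867b-4e34-98df-f1c8a9af37b9",
  "name": "Alice Adams",
  "given_name": "Alice",
  "family_name": "Adams",
  "preferred_username": "alice@example.com",
  "email": "alice@example.com",
  "email_verified": true
}'''

if __name__ == "__main__":
    req = build_userinfo_request("https://idp.example/connect/userinfo", "SlAV32hkKG")
    print(req.get_method(), req.full_url, req.get_header("Authorization"))
    # Only openid and email were granted, so the profile claims are filtered out.
    print(validate_userinfo_response(
        SAMPLE_BODY, "6b3d5b7b-867b-4e34-98df-f1c8a9af37b9", ["openid", "email"]))
```

The sub cross-check is the one validation most clients forget: without it, a response for a different subject (for example after a token mix-up between two providers) would be accepted as the signed-in user's data. Filtering by granted scope keeps the application's view of the user limited to what it actually asked for, which is the point of the Security Considerations bullet above.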