Userinfo

Deprecation of Consent service

The Userinfo endpoint will no longer provide unverified end-user data such as email, address and phone - nor NNIN - by the end of 2025. See special announcement.

The Userinfo endpoint may be used to retrieve information about the end user (subject) that just logged in:

  • Full name
  • Birthdate

Note: This info already exists in the ID Token.

Steps

  1. The end-user completes the BankID authentication process through the authorization endpoint.
  2. (Deprecated) If the client has requested any of the userinfo scopes, a consent dialog is shown.
  3. (Deprecated) After consent is given, the client receives the callback to the callback URL.
  4. The client performs token exchange and validation to get the Access and ID Tokens.
  5. The client calls the userinfo endpoint using the Access Token to retrieve the consented information about the end user.

Sequence diagram

API

Note

You will always find the up-to-date URL for the Userinfo Endpoint in the OpenID Configuration - as userinfo_endpoint.

Request

GET [userinfo_endpoint]

Headers

Authorization: Bearer [access_token]

Response

The response contains the user information as a signed JWT. The decoded header and payload look like this:

{
  "kid" : "HN2z_WSedilULh8qvzPBgOi95l3l_xsgMK-O_NN0zLU",
  "typ" : "JWT",
  "alg" : "RS256"
}
{
  "iss": "https://userinfo.current.bankid.no",
  "sub": "9578-6000-4-00001",
  "aud": "oidc-testclient",
  "name": "Ola Normann",
  "given_name": "Ola",
  "family_name": "Normann",
  "updated_at": 1519992419860,
  "birthdate": "110286"
}