Userinfo

The userinfo endpoint may be used to retrieve additional information about an end user beyond what is contained in the ID Token.

Steps

  1. The end-user completes the BankID authentication process through the authorization endpoint.
  2. If the client has requested any of the userinfo scopes, a consent dialog is shown.
  3. After consent is given, the client receives the callback to the callback URL.
  4. The client performs token exchange and validation to get the Access and ID Tokens.
  5. The client calls the userinfo endpoint using the Access Token to retrieve the consented information about the end user.

Sequence diagram

sequenceDiagram
    actor u as User
    participant Merchant as Your Web App
    participant BankID as BankID
    participant UserInfo as UserInfo API

    u ->> Merchant: Request login
    Note right of Merchant: Client redirects user to BankID
    Merchant->>BankID: GET /authorize?scope=openid+email&client_id=...
    BankID->>u: Consent dialog is shown after BankID authentication
    u-->>BankID: Gives consent
    BankID-->> Merchant: Redirect to callback with code
    Note right of Merchant: Client fetches tokens and verifies
    Merchant->>BankID: POST /token with code
    BankID-->>Merchant: Tokens
    Note right of BankID: Client fetches userinfo using Access Token from end user
    Merchant->>UserInfo: GET /userinfo
    UserInfo-->>Merchant: User information
    Merchant->>u: Authentication complete

API

Note

You will always find the up-to-date URL for the Userinfo Endpoint in the OpenID Configuration, as userinfo_endpoint.

Request

GET [userinfo_endpoint]

Headers

Authorization: Bearer [access_token]

Response

The response contains the user information as a signed JWT. An example, decoded into its header and payload:

{
  "kid" : "HN2z_WSedilULh8qvzPBgOi95l3l_xsgMK-O_NN0zLU",
  "typ" : "JWT",
  "alg" : "RS256"
}
{
  "iss": "https://userinfo.current.bankid.no",
  "sub": "9578-6000-4-00001",
  "aud": "oidc-testclient",
  "name": "Ola Normann",
  "given_name": "Ola",
  "family_name": "Normann",
  "updated_at": 1519992419860,
  "email": "normann@example.org",
  "birthdate": "110286",
  "phone_number": "95871775",
  "address": {
    "formatted": "Veien 311\nOslo 0772",
    "street_address": "Veien 311",
    "locality": "0772",
    "postal_code": "Oslo"
  }
}
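
Because the response is a signed JWT, the client should verify it before trusting any claim. The following is an added example, not BankID's own code, showing the checks on header, signature, iss, aud and sub. It assumes the signing keys have already been fetched as a JWKS and that the ID Token has already been validated; the function and parameter names are illustrative.

```python
# Added example; function and parameter names are illustrative assumptions.
import base64, hashlib, hmac, json

# ASN.1 DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u_decode(text):
    """Decode unpadded base64url as used in JWTs and JWKs."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def rs256_verify(signing_input, signature, jwk):
    """RSASSA-PKCS1-v1_5 / SHA-256 check against an RSA JWK (n, e)."""
    n = int.from_bytes(b64u_decode(jwk["n"]), "big")
    e = int.from_bytes(b64u_decode(jwk["e"]), "big")
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:
        return False
    t = SHA256_DIGESTINFO + hashlib.sha256(signing_input).digest()
    # Rebuild the full expected block and compare it whole; parsing the
    # padding out of the recovered block is where forgery bugs come from.
    expected = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), expected)

def validate_userinfo(jwt, jwks, issuer, client_id, id_token_sub):
    """Return the userinfo claims, or raise ValueError if any check fails."""
    h64, p64, s64 = jwt.split(".")  # ValueError unless exactly three parts
    header = json.loads(b64u_decode(h64))
    # Pin the algorithm; never let the token choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        raise ValueError("unexpected alg")
    key = next((k for k in jwks["keys"]
                if k.get("kty") == "RSA" and k.get("kid") == header.get("kid")), None)
    if key is None:
        raise ValueError("no RSA key for kid")
    if not rs256_verify(f"{h64}.{p64}".encode(), b64u_decode(s64), key):
        raise ValueError("bad signature")
    claims = json.loads(b64u_decode(p64))
    aud = claims.get("aud")
    if claims.get("iss") != issuer:
        raise ValueError("unexpected iss")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not issued to this client")
    # OpenID Connect Core 5.3.2: sub must equal the sub of the ID Token.
    if claims.get("sub") != id_token_sub:
        raise ValueError("sub does not match ID Token")
    return claims
```

In a deployed client the signature step is normally delegated to a maintained JOSE library; the header and claim checks stay the same.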