Userinfo
Deprecation of Consent service
By the end of 2025, the Userinfo endpoint will no longer provide unverified end-user data such as email, address and phone, nor NNIN. See special announcement.
The Userinfo endpoint may be used to retrieve information about the end user (subject) that just logged in:
- Full name
- Birthdate
Note: This info already exists in the ID Token.
Steps
- The end-user completes the BankID authentication process through the authorization endpoint.
- (Deprecated) If the client has requested any of the userinfo scopes, a consent dialog is shown.
- (Deprecated) After consent is given, the client receives the callback to the callback URL.
- The client performs token exchange and validation to get the Access and ID Tokens.
- The client calls the userinfo endpoint using the Access Token to retrieve the consented information about the end user.
Sequence diagram
API
Note
You will always find the up-to-date URL for the Userinfo Endpoint in the OpenID Configuration, as userinfo_endpoint.
Request
Headers
Authorization: Bearer [access_token]
Response
The response contains the user information as a signed JWT.
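Because the response is a signed JWT, the client should verify it before trusting the name and birthdate it carries. The following is an added example, not code from BankID or this page: it assumes Node.js, RS256 signing, a key set taken from the jwks_uri in the OpenID Configuration, and the standard OIDC claims iss, aud, sub, name and birthdate. The issuer, client id, key id and user data are constructed placeholders.

```javascript
// Added example, not BankID's code. Assumes RS256 and standard OIDC claim names.
const { createPublicKey, createVerify, createSign, generateKeyPairSync } = require('node:crypto');

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Call the endpoint as in the Request section; the body is a compact JWS string.
async function fetchUserinfo(userinfoEndpoint, accessToken) {
  const res = await fetch(userinfoEndpoint, { headers: { Authorization: `Bearer ${accessToken}` } });
  if (!res.ok) throw new Error(`userinfo request failed: ${res.status}`);
  return res.text();
}

// jwks: parsed key set from the jwks_uri in the OpenID Configuration.
// expected: issuer and clientId from client config, idTokenSub from the validated ID Token.
function verifyUserinfoJwt(jwt, jwks, expected) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  const [h, p, s] = parts;
  const header = dec(h);
  // Pin the algorithm so the token cannot pick "none" or a symmetric alg.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const jwk = jwks.keys.find((k) => k.kty === 'RSA' && k.kid === header.kid);
  if (!jwk) throw new Error('unknown kid');
  const key = createPublicKey({ key: jwk, format: 'jwk' });
  const valid = createVerify('RSA-SHA256').update(`${h}.${p}`).verify(key, Buffer.from(s, 'base64url'));
  if (!valid) throw new Error('bad signature');
  const claims = dec(p);
  if (claims.iss !== expected.issuer) throw new Error('wrong iss');
  if (![].concat(claims.aud).includes(expected.clientId)) throw new Error('wrong aud');
  // The Userinfo subject must be the user the ID Token was issued for.
  if (claims.sub !== expected.idTokenSub) throw new Error('sub mismatch');
  return claims;
}

// Constructed sample: a throwaway key pair and token standing in for the provider.
function makeSample(claims, kid = 'demo-key-1') {
  const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const input = `${enc({ alg: 'RS256', kid })}.${enc(claims)}`;
  const sig = createSign('RSA-SHA256').update(input).sign(privateKey).toString('base64url');
  return { jwt: `${input}.${sig}`, jwks: { keys: [{ ...publicKey.export({ format: 'jwk' }), kid }] } };
}

const expected = { issuer: 'https://op.example', clientId: 'demo-client', idTokenSub: 'subject-123' };
const sample = makeSample({ iss: expected.issuer, aud: expected.clientId, sub: expected.idTokenSub,
  name: 'Kari Nordmann', birthdate: '1990-01-01' });
console.log(verifyUserinfoJwt(sample.jwt, sample.jwks, expected));
```

The sub comparison follows OpenID Connect Core, which requires the Userinfo sub to exactly match the sub in the ID Token; without it, a Userinfo response obtained for a different user's Access Token would be accepted.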