Userinfo
Deprecation of Consent service
The Userinfo endpoint will no longer provide unverified end-user data such as email, address and phone, nor the NNIN (Norwegian national identity number), by the end of 2025. See the special announcement.
The Userinfo endpoint may be used to retrieve information about the end user (subject) that just logged in:
- Full name
- Birthdate
Note: This information is already present in the ID Token.
Steps
- The end-user completes the BankID authentication process through the authorization endpoint.
- (Deprecated) If the client has requested any of the userinfo scopes, a consent dialog is shown.
- (Deprecated) After consent is given, the client receives the callback to the callback URL.
- The client performs token exchange and validation to get the Access and ID Tokens.
- The client calls the userinfo endpoint using the Access Token to retrieve the consented information about the end user.
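The last two steps, as an added example that is not part of the BankID documentation or its SDKs: the client reads `userinfo_endpoint` from the OpenID Configuration, sends the Access Token as a Bearer header, and then treats the signed JWT it receives as untrusted input until the signature, `iss` and `sub` have been checked (the `sub` must equal the `sub` of the ID Token obtained in the same flow). The issuer URL, endpoint URL and tokens below are constructed placeholders. To keep the block runnable offline, signature verification is shown with an HMAC (HS256) stand-in and a constructed demo key; against the real endpoint the verifier callback would instead check the JWS against the issuer's published JWKS key for the `alg` in the header.

```python
import base64
import hashlib
import hmac
import json
import time
import urllib.request

# Constructed fragment of an OpenID Configuration document (placeholder values,
# not BankID's real issuer or endpoint).
OPENID_CONFIGURATION = {
    "issuer": "https://issuer.example/oidc",
    "userinfo_endpoint": "https://issuer.example/oidc/userinfo",
}


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def build_userinfo_request(config: dict, access_token: str) -> urllib.request.Request:
    """Build the GET to the userinfo endpoint taken from the discovery document."""
    return urllib.request.Request(
        config["userinfo_endpoint"],
        headers={"Authorization": f"Bearer {access_token}", "Accept": "application/jwt"},
    )


def verify_userinfo_jwt(token, expected_issuer, expected_sub, verify_signature, now=None):
    """Validate a signed userinfo JWT and return its claims; raise ValueError otherwise.

    verify_signature(alg, signing_input, signature) -> bool is supplied by the caller
    so the key lookup (normally the issuer's JWKS) stays outside this function.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Reject unsigned tokens outright; never let the token pick 'none'.
    if header.get("alg") in (None, "none"):
        raise ValueError("unsigned token rejected")
    signing_input = f"{header_b64}.{payload_b64}".encode()
    if not verify_signature(header["alg"], signing_input, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != expected_issuer:
        raise ValueError("issuer mismatch")
    # OIDC Core requires the userinfo 'sub' to match the ID Token 'sub'.
    if claims.get("sub") != expected_sub:
        raise ValueError("sub does not match ID Token")
    now = time.time() if now is None else now
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("expired")
    return claims


# --- Offline stand-in for the issuer's signing key (constructed; HS256 only) ---
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"


def hs256_verify(alg, signing_input, signature):
    """Verifier callback for the demo: accepts only HS256 under DEMO_KEY."""
    if alg != "HS256":
        return False
    expected = hmac.new(DEMO_KEY, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)


def make_demo_token(claims, alg="HS256"):
    """Produce a constructed userinfo JWT so the flow can be exercised offline."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(DEMO_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


if __name__ == "__main__":
    id_token_sub = "constructed-subject-id"
    token = make_demo_token({
        "iss": OPENID_CONFIGURATION["issuer"], "sub": id_token_sub,
        "name": "Example Person", "birthdate": "1970-01-01", "exp": 4102444800,
    })
    req = build_userinfo_request(OPENID_CONFIGURATION, "constructed-access-token")
    print(req.full_url, req.get_header("Authorization"))
    print(verify_userinfo_jwt(token, OPENID_CONFIGURATION["issuer"], id_token_sub, hs256_verify))
```

The `__main__` block only builds the request and validates a locally constructed token; with a real Access Token the request would be sent with `urllib.request.urlopen(req)` and the response body passed to `verify_userinfo_jwt` with a JWKS-backed verifier.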
Sequence diagram
```mermaid
sequenceDiagram
actor u as User
participant Merchant as Your Web App
participant BankID as BankID
participant UserInfo as UserInfo API
u ->> Merchant: Request login
Note right of Merchant: Client redirects user to BankID
Merchant->>BankID: GET /authorize?scope=openid+email&client_id=...
BankID->>u: Consent dialog is shown after BankID authentication
u-->>BankID: Gives consent
BankID-->>Merchant: Redirect to callback with code
Note right of Merchant: Client fetches tokens and verifies
Merchant->>BankID: POST /token with code
BankID-->>Merchant: Tokens
Note right of BankID: Client fetches userinfo using Access Token from end user
Merchant->>UserInfo: GET /userinfo
UserInfo-->>Merchant: User information
Merchant->>u: Authentication complete
```
API
Note
You will always find the up-to-date URL for the Userinfo Endpoint in the OpenID Configuration, as userinfo_endpoint.
Request
Headers
Authorization: Bearer [access_token]
Response
The response contains the user information as a signed JWT.