POST /oauth/userinfo

Returns information about the authenticated user. Uses HTTP POST.

The platform's OAuth Provider supports retrieval of claims about the end-user via its UserInfo endpoint. This API is an OAuth 2.0-protected resource. To obtain the requested claims about an end-user, the Client should make a request to the UserInfo API using an Access Token obtained through OpenID Connect Authentication. These Claims are normally represented by a JSON object that contains a collection of name and value pairs for the Claims.

The Client can send the access token as a query parameter or in the POST body, depending on the HTTP method used to invoke the UserInfo API, or in an Authorization header with the Bearer scheme.

Authorization Roles/Permissions: Anyone can run this operation.

HTTP Method

POST

URL

https://{oauth-provider-url}/oauth/userinfo

Sample Request

The access token can be sent in the query parameters, in an Authorization header, or in the POST body.

The example below shows a request for the user info, with an access token sent in the request URL, in the case of the GET operation.

Request URL

https://{oauth-provider-url}/oauth/userinfo?access_token=SlAV32hkKG

Sample request headers

The example below shows the access token sent in the Authorization header (for either GET or POST).

Authorization: Bearer SlAV32hkKG

Sample request body

The example below shows the access token sent in the request body, in the case of the POST operation.

access_token=SlAV32hkKG

Request Headers

For general information on request header values, refer to HTTP Request Headers.

Header        Description
Accept        application/json
Content-Type  application/x-www-form-urlencoded

Request Parameters

Parameter     Parm Type      Data Type  Required  Description
access_token  query or body  string     Optional  The access token that was received from the authorization server after the user was authenticated.

Response

If successful, this operation returns HTTP status code 200, with the user info.

Sample Response

The sample response below shows successful completion of this operation.

Sample response headers: application/json

Content-Type: application/json

Sample response body: application/json

{
  "sub": "jdoe",
  "name": "Jane Doe",
  "given_name": "Jane",
  "family_name": "Doe",
  "email": "janedoe@example.com"
}

Response Headers

For general information on response header values, refer to HTTP Response Headers.

Header        Description
Content-Type  application/json

Response Body

The response body includes the UserInfo claims, returned in a JSON object. The UserInfo claims include:

  • Standard claims as defined in the OpenID Connect specification.
  • Possibly, custom claims returned from specific identity providers.

The sub (subject) claim is always included in the UserInfo response. Other claims may be present depending on the authentication response from the specific identity provider.

Error Codes/Messages

If the call is unsuccessful, an error code/message is returned. One or more examples of possible errors for this operation are shown below.

Item  Value

401   This operation might return a 401 for any of the following reasons:

        • The request does not contain an access token (query/form parameter or Authorization header)
        • The access token is invalid
        • The access token is valid but was not obtained through OpenID Connect Authentication (openid scope was not part of the end-user authorization)

404   This operation might return a 404 for any of the following reasons:

        • OpenID Connect is not enabled in the OAuth provider
        • The host name is not mapped to the OAuth provider correctly
        • The URL is accessed over HTTP but the provider is configured to accept only HTTPS requests

500   An error occurred processing the call.

For more information, see Akana OAuth API error messages.
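
The following Python client is an added example, not part of the original reference or the platform's own code. It sends the access token in the Authorization header with the Bearer scheme (keeping it out of the request URL), maps the 401/404/500 responses listed above, and checks the sub claim. The https check, the `expected_sub` comparison (the OpenID Connect Core rule that the UserInfo sub must match the ID Token sub), and all function names are assumptions of this example.

```python
import json
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Failure reasons per status, as listed under Error Codes/Messages.
ERRORS = {
    401: "access token missing, invalid, or issued without the openid scope",
    404: "OIDC not enabled, host not mapped, or HTTP used on an HTTPS-only provider",
    500: "an error occurred processing the call",
}

class UserInfoError(Exception):
    """Raised when the UserInfo call fails or returns unusable claims."""

def build_userinfo_request(provider_url, access_token):
    """Build a POST to /oauth/userinfo with the token only in the header."""
    if urlsplit(provider_url).scheme != "https":  # assumption: never send a bearer token in clear
        raise ValueError("provider URL must use https")
    return urllib.request.Request(
        provider_url.rstrip("/") + "/oauth/userinfo",
        data=b"",  # empty form body: no access_token parameter in body or URL
        method="POST",
        headers={"Authorization": "Bearer " + access_token,
                 "Accept": "application/json",
                 "Content-Type": "application/x-www-form-urlencoded"},
    )

def parse_userinfo(status, body, expected_sub=None):
    """Return the claims for a 200 response, or raise UserInfoError."""
    if status != 200:
        raise UserInfoError(f"{status}: {ERRORS.get(status, 'unexpected status')}")
    claims = json.loads(body)
    if not isinstance(claims, dict) or not claims.get("sub"):
        raise UserInfoError("response has no sub claim")
    # OpenID Connect Core: the UserInfo sub must equal the ID Token sub.
    if expected_sub is not None and claims["sub"] != expected_sub:
        raise UserInfoError("sub does not match the ID Token subject")
    return claims

def fetch_userinfo(provider_url, access_token, expected_sub=None):
    """Call the endpoint; expected_sub is the sub from the validated ID Token."""
    req = build_userinfo_request(provider_url, access_token)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return parse_userinfo(resp.status, resp.read(), expected_sub)
    except urllib.error.HTTPError as err:
        return parse_userinfo(err.code, err.read(), expected_sub)
```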