POST /oauth/userinfo

Returns information about the authenticated user. Uses HTTP POST.

The platform's OAuth Provider supports retrieval of claims about the end-user via its UserInfo endpoint. This API is an OAuth 2.0-protected resource. To obtain the requested claims about an end-user, the Client should make a request to the UserInfo API using an Access Token obtained through OpenID Connect Authentication. These Claims are normally represented by a JSON object that contains a collection of name and value pairs for the Claims.

The Client can include the access token in the request parameters, query, or post, depending on the HTTP method used to invoke the UserInfo API or as an Authorization header with Bearer scheme.

Note: We recommend that the request use the HTTP GET method (GET /oauth/userinfo), sending the access token in the Authorization header. For information on why you might choose one or the other, see OAuth Operations: GET or POST?

Authorization Roles/Permissions: Anyone can run this operation.

This topic includes the following sections:

HTTP Method
URL
Sample Request
Request Headers
Request Parameters

Response
Sample Response
Response Headers
Response Body
Error Codes/Messages

HTTP Method

POST

URL

https://{oauth-provider-url}/oauth/userinfo

Sample Request

The access token can be sent in the query parameters, as an Authorization header, or as POST body.

The first example below shows a request for the user info, with an access token sent in the request URL.

Request URL #1: access token is in parameter

https://{oauth-provider-url}/oauth/userinfo?access_token={bearer_token_value}

Request URL #2: access token is in request body:

https://{oauth-provider-url}/oauth/userinfo

Sample request headers

The example below shows the access token sent in the Authorization header (for either GET or POST). But if the token is sent as a request parameter, or in the request body, the Authorization header is not needed.

Host: docexample.akana.rcoaless.com
Authorization: Bearer {bearer_token_value}
Accept: application/json
Content-Type: application/x-www-form-urlencoded

Sample request body (for request URL #2)

The example below shows the access token sent in the request body

access_token={bearer_token_value}

Request Headers

For general information on request header values, refer to HTTP Request Headers.

Header	Description
Accept	application/json
Content-Type	application/x-www-form-urlencoded
Host	The host header for the API call, with the server hostname.
Authorization	The Authorization header, with the token type and token content.

Request Parameters

Parameter	Parm Type	Data Type	Required	Description
access_token	query or body	string	Optional	The access token that was received from the authorization server after the user was authenticated.

Response

If successful, this operation returns HTTP status code 200, with the user info.

Sample Response

The sample response below shows successful completion of this operation.

Sample response headers: application/json

Content-Type: application/json
Date: Fri, 18 Sep 2020 16:35:21 GMT

Sample response body: application/json

{
  "sub": "jmead",
  "mail": "jmead@akana.rcoaless.com",
  "$EMAIL": "jmead@akana.rcoaless.com",
  "$FULLNAME": "Jane.Mead",
  "cn": "Jane Mead"
}

Response Headers

For general information on response header values, refer to HTTP Response Headers.

Header	Description
Content-Type	application/json

Response Body

The response body is the userinfo. Exact contents depend on the OAuth Provider.

The response body includes the UserInfo claims, returned in a JSON object. The UserInfo claims include:

Standard claims as defined in the OpenID Connect specification.
Possibly, custom claims returned from specific identity providers.

The specific content of the response payload might vary according to the resource owner and also the scopes that are used to get the token.

The sub (subject) claim is always included in the UserInfo response. Other claims might be present, depending on the authentication response from the specific identity provider.

Error Codes/Messages

If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.

Item	Value
401	This operation might return a 401 for any of the following reasons: The request does not contain an access token (query/form parameter or Authorization header) The access token is invalid The access token is valid but was not obtained through OpenID Connect Authentication (openid scope was not part of the end-user authorization)
404	This operation might return a 404 for any of the following reasons: OpenID Connect is not enabled in the OAuth provider The host name is not mapped to the OAuth provider correctly The URL is accessed over HTTP but the provider is configured to accept only HTTPS requests
500	An error occurred processing the call.

Item

Value

401

This operation might return a 401 for any of the following reasons:

The request does not contain an access token (query/form parameter or Authorization header)
The access token is invalid
The access token is valid but was not obtained through OpenID Connect Authentication (openid scope was not part of the end-user authorization)

404

This operation might return a 404 for any of the following reasons:

OpenID Connect is not enabled in the OAuth provider
The host name is not mapped to the OAuth provider correctly
The URL is accessed over HTTP but the provider is configured to accept only HTTPS requests

500

An error occurred processing the call.

More information about Akana OAuth API error messages.