PhenixID Authentication Services, Version 2.8 (Developer integration guides)

Using PhenixID OpenIDConnect HTTP API for OpenIDConnect UserInfo

Overview

This API returns additional user claims (attributes) for the logged-in user. To retrieve the UserInfo, the API client must submit the access_token returned by a previous call to the API, normally a call to the token endpoint.

To use the API, one method is called. It will return:

- HTTP status code 200 if the access_token is still valid. UserInfo will be returned.

- HTTP status code 403 if the access_token is not valid.

Prerequisites

- PhenixID Authentication Services HTTP API configured for OpenIDConnect UserInfo use case

userinfo - data to be fetched before api call

The API client must fetch this value:

- access_token, returned from a previous authentication (this might be returned through API, OIDC or SAML2)

How this parameter is fetched may differ depending on the use case.

userinfo - api call

Request

Method: HTTP POST

Endpoint: /api/authentication/userinfo

Headers:

| Name | Value | Mandatory | Comment |
|---|---|---|---|
| Content-Type | application/json | Yes | |
| tenant | t1 | Yes | Value must be given to you by PhenixID Signing Service admin; it might differ depending on the environment. |
| Authorization | Bearer <access_token> | Yes | <access_token> should be replaced with the access_token fetched previously. |

Body:

No body content.

Example request

POST /api/authentication/userinfo HTTP/1.1
Host: integration.phenixid.se
tenant: t1
Content-Type: application/json
Authorization: Bearer f4974cb0-837b-44ff-aa43-e70187ab0663
cache-control: no-cache

Response

The HTTP Response status code may have one of these values:

1. 200. The OAuth2 bearer token is valid. The body will contain UserInfo.

2. 403. The OAuth2 bearer token is not valid; the user must re-authenticate.

The response body JSON structure properties: 

Name Comment
Set of OpenID Connect User claims. May differ depending on configuration

Example response:

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 390010

{
    "sub": "+467212345678",
    "name": "Alan Alda",
    "phone_number": "+467212345678",
    "given_name": "Alan",
    "family_name": "Alda",
    "email": "alan.alda@example.com",
    "employee_role": "doctor"
}
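
A client for the call described above, as an added example that is not PhenixID's own code. It sends the three mandatory headers with an empty body, maps 403 to a re-authentication signal, and checks the returned `sub` claim. The function names, the exception class, the `base_url` argument and the optional `expected_sub` argument (the subject already known from the earlier authentication) are assumptions of this example.

```python
import json
import urllib.error
import urllib.request
from urllib.parse import urlsplit

USERINFO_PATH = "/api/authentication/userinfo"  # endpoint from this guide


class ReauthenticationRequired(Exception):
    """Server answered 403: the access_token is not valid."""


def build_request(base_url, tenant, access_token):
    """Build the bodyless POST carrying the three mandatory headers."""
    if urlsplit(base_url).scheme != "https":
        raise ValueError("bearer tokens must only be sent over HTTPS")
    headers = {
        "Content-Type": "application/json",
        "tenant": tenant,  # value supplied by the service admin
        "Authorization": "Bearer " + access_token,  # never log this header
    }
    url = base_url.rstrip("/") + USERINFO_PATH
    return urllib.request.Request(url, data=b"", method="POST", headers=headers)


def parse_response(status, body, expected_sub=None):
    """Map the documented status codes to claims or a re-auth signal."""
    if status == 403:
        raise ReauthenticationRequired("access_token is not valid")
    if status != 200:
        raise RuntimeError(f"unexpected status {status}")
    claims = json.loads(body)
    if not isinstance(claims, dict) or "sub" not in claims:
        raise ValueError("UserInfo response has no 'sub' claim")
    if expected_sub is not None and claims["sub"] != expected_sub:
        raise ValueError("UserInfo 'sub' does not match the authenticated user")
    return claims


def fetch_userinfo(base_url, tenant, access_token, expected_sub=None):
    """Call the endpoint and return the claims (hypothetical helper)."""
    req = build_request(base_url, tenant, access_token)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return parse_response(resp.status, resp.read(), expected_sub)
    except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx
        return parse_response(err.code, err.read(), expected_sub)
```
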