OpenIDConnect UserInfo - integration guide for developers

Overview

This API is used to get additional user claims (attributes) based on the logged-in user. To retreive the userInfo, the api client must submit the access_token returned from previous call to the API, normally using the token endpoint.

To use the API, one method is called. It will return:

- HTTP Status code 200 if access_token is still valid. UserInfo will be returned

- HTTP Status code 403 if access_token is not valid.  

Prerequisites

- PhenixID Authentication Services HTTP API configured for OpenIDConnect UserInfo use case

- OIDC OP Discovery URL

userinfo - data to be fetched before api call

The api client must fetch this value:

- access_token, returned from previous authentication (this might be returned through API, OIDC or SAML2)

 How this parameter is fetched may differ depending on the use case.

userinfo - api call

Request

Method: HTTP POST

Endpoint: <This value is fetched from the OIDC discovery URL)
Example: /api/authentication/userinfo?tenant=t1

Headers:

Name Value
Mandatory Comment
Content-Type application/json Yes
Authorization Bearer <access_token> Yes <access_token> should be replaced with the access_token fetched previously.

Body:

No body content.

Example request

 

PUT /api/authentication/userinfo?tenant=t1 HTTP/1.1
Host: integration.phenixid.se
Content-Type: application/json
Authorization: Bearer f4974cb0-837b-44ff-aa43-e70187ab0663
cache-control: no-cache

Response

Response

The HTTP Response status code may have one of these values:

1. 200. oAuth2 bearer token is valid. Body will contain UserInfo.

2. 403. oAuth2 bearer token is not valid - user must re-authenticate.

 

The response body JSON structure properties: 

Name Comment
Set of OpenID Connect User claims. May differ depending on configuration

Example response:

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 390010
{
    "sub": "+467212345678",
    "name": "Alan Alda",
    "phone_number": "+467212345678",
    "given_name": "Alan",
    "family_name": "Alda",
    "email": "[email protected]",
    "employee_role": "doctor"
}