POST /oauth/userinfo
Returns information about the authenticated user. Uses HTTP POST.
The platform's OAuth Provider supports retrieval of claims about the end-user via its UserInfo endpoint. This API is an OAuth 2.0-protected resource. To obtain the requested claims about an end-user, the Client should make a request to the UserInfo API using an Access Token obtained through OpenID Connect Authentication. These Claims are normally represented by a JSON object that contains a collection of name and value pairs for the Claims.
The Client can include the access token in the request parameters, query, or post, depending on the HTTP method used to invoke the UserInfo API or as an Authorization header with Bearer scheme.
Note: We recommend that the request use the HTTP GET method (GET /oauth/userinfo), sending the access token in the Authorization header. For information on why you might choose one or the other, see OAuth Operations: GET or POST?
Authorization Roles/Permissions: Anyone can run this operation.
This topic includes the following sections:
HTTP Method
POST
URL
https://{oauth-provider-url}/oauth/userinfo
Sample Request
The access token can be sent in the query parameters, as an Authorization header, or as POST body.
The first example below shows a request for the user info, with an access token sent in the request URL.
Request URL #1: access token is in parameter
https://{oauth-provider-url}/oauth/userinfo?access_token={bearer_token_value}
Request URL #2: access token is in request body:
https://{oauth-provider-url}/oauth/userinfo
Sample request headers
The example below shows the access token sent in the Authorization header (for either GET or POST). But if the token is sent as a request parameter, or in the request body, the Authorization header is not needed.
Host: docexample.akana.rcoaless.com Authorization: Bearer {bearer_token_value} Accept: application/json Content-Type: application/x-www-form-urlencoded
Sample request body (for request URL #2)
The example below shows the access token sent in the request body
access_token={bearer_token_value}
Request Headers
For general information on request header values, refer to HTTP Request Headers.
Header | Description |
---|---|
Accept | application/json |
Content-Type | application/x-www-form-urlencoded |
Host | The host header for the API call, with the server hostname. |
Authorization | The Authorization header, with the token type and token content. |
Request Parameters
Parameter | Parm Type | Data Type | Required | Description |
---|---|---|---|---|
access_token | query or body | string | Optional | The access token that was received from the authorization server after the user was authenticated. |
Response
If successful, this operation returns HTTP status code 200, with the user info.
Sample Response
The sample response below shows successful completion of this operation.
Sample response headers: application/json
Content-Type: application/json Date: Fri, 18 Sep 2020 16:35:21 GMT
Sample response body: application/json
{ "sub": "jmead", "mail": "jmead@akana.rcoaless.com", "$EMAIL": "jmead@akana.rcoaless.com", "$FULLNAME": "Jane.Mead", "cn": "Jane Mead" }
Response Headers
For general information on response header values, refer to HTTP Response Headers.
Header | Description |
---|---|
Content-Type | application/json |
Response Body
The response body is the userinfo. Exact contents depend on the OAuth Provider.
The response body includes the UserInfo claims, returned in a JSON object. The UserInfo claims include:
- Standard claims as defined in the OpenID Connect specification.
- Possibly, custom claims returned from specific identity providers.
The specific content of the response payload might vary according to the resource owner and also the scopes that are used to get the token.
The sub (subject) claim is always included in the UserInfo response. Other claims might be present, depending on the authentication response from the specific identity provider.
Error Codes/Messages
If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.
Item | Value |
---|---|
401 |
This operation might return a 401 for any of the following reasons:
|
404 |
This operation might return a 404 for any of the following reasons:
|
500 | An error occurred processing the call. |
More information about Akana OAuth API error messages.