Doubt regarding UserInfo Endpoint in OIDC


The UserInfo Endpoint in OpenID Connect (OIDC) serves the purpose of providing additional user information or claims about the authenticated user. This endpoint is designed to offer a standardized way for clients to retrieve user attributes and profile data from the OpenID Provider. I hope it helps.

1 Like

@Deependra015 Thank you for the explanation, but how is it used?

Here’s how the UserInfo Endpoint is used in OIDC:

(1) Authentication and Authorization: When a user successfully logs in and authorizes a client application, the Identity Provider (which is the OpenID Connect Provider) issues an ID Token to the client.
(2) Requesting User Information: If the client application needs more detailed user information beyond what is available in the ID Token, it can make a separate HTTP request to the UserInfo Endpoint.
(3) User Information Response: If the Access Token is valid, and the client has the necessary permissions, the UserInfo Endpoint responds with a JSON object containing the requested user attributes and claims.
(4) Use of User Information: The client application can use the received user information to personalize the user experience, display the user’s profile, or perform other user-specific operations as required.

By using the UserInfo Endpoint, OIDC allows for a separation of concerns in user information retrieval. The ID Token provides a minimal set of user information for basic authentication and authorization purposes, while the UserInfo Endpoint provides a way for clients to request more detailed user attributes only when needed.

1 Like

Can you share sequence of steps involved in retrieving user information from the UserInfo Endpoint and how client applications can use this information?

  1. Complete an OIDC flow (Implicit, Authorization Code, Resource Owner Password Grant) that returns an access token (for implicit, response_type=token).
  2. Take the Access Token and send it as a Bearer token to the Userinfo endpoint (for the server that issued the token, aka the “iss” claim + “/v1/userinfo”).
1 Like
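The two answers above describe the same procedure: finish an OIDC flow, send the access token as a Bearer token to the provider's UserInfo endpoint, and use the returned claims. The script below is an added example written for this thread, not code from either poster or from any provider; it builds the Bearer request, parses the JSON response, and performs the check a client is required to make before trusting the result, namely that the `sub` in the UserInfo response equals the `sub` in the ID Token (OpenID Connect Core 1.0, section 5.3.2). The issuer URL, the access token string, the ID Token claims and the UserInfo response body are all constructed sample values, and the `/v1/userinfo` path is the provider-specific one quoted in the thread; the HTTP call is isolated in `fetch_userinfo` so everything else runs offline.

```python
"""Added example: call the OIDC UserInfo endpoint and validate the response.

Assumptions (constructed for this example, not from the thread): ISSUER,
the access token string, ID_TOKEN_CLAIMS and CONSTRUCTED_USERINFO below.
"""
import json
import urllib.request
from typing import Any, Callable, Dict

ISSUER = "https://idp.example.com"   # constructed issuer, i.e. the ID Token's "iss" claim
USERINFO_PATH = "/v1/userinfo"       # path quoted in the thread; provider-specific


def userinfo_url(issuer: str, path: str = USERINFO_PATH) -> str:
    """Derive the UserInfo URL from the token issuer, as the thread describes."""
    return issuer.rstrip("/") + path


def build_userinfo_request(issuer: str, access_token: str) -> urllib.request.Request:
    """GET against the UserInfo endpoint with the access token as a Bearer token."""
    if not access_token or any(c.isspace() for c in access_token):
        raise ValueError("access token missing or malformed")
    return urllib.request.Request(
        userinfo_url(issuer),
        headers={"Authorization": f"Bearer {access_token}",
                 "Accept": "application/json"},
        method="GET",
    )


def fetch_userinfo(req: urllib.request.Request,
                   opener: Callable[..., Any] = urllib.request.urlopen) -> Dict[str, Any]:
    """Send the request and parse the JSON body; the opener is injectable for offline use."""
    with opener(req) as resp:
        if resp.status != 200:
            raise RuntimeError(f"userinfo endpoint returned HTTP {resp.status}")
        return json.loads(resp.read().decode("utf-8"))


def validate_userinfo(userinfo: Dict[str, Any],
                      id_token_claims: Dict[str, Any]) -> Dict[str, Any]:
    """Reject the response unless its 'sub' matches the ID Token's 'sub'.

    OIDC Core 5.3.2 requires this check: a UserInfo response that describes a
    different subject than the one the ID Token authenticated must not be used.
    """
    sub = userinfo.get("sub")
    if not sub or sub != id_token_claims.get("sub"):
        raise ValueError("UserInfo 'sub' does not match ID Token 'sub'; response rejected")
    return userinfo


class _ConstructedResponse:
    """Stand-in for urllib's HTTP response so the example runs offline."""

    def __init__(self, status: int, body: Dict[str, Any]) -> None:
        self.status = status
        self._body = json.dumps(body).encode("utf-8")

    def read(self) -> bytes:
        return self._body

    def __enter__(self) -> "_ConstructedResponse":
        return self

    def __exit__(self, *exc: Any) -> bool:
        return False


# Constructed sample data: claims a client would hold after the OIDC flow,
# and the JSON body the UserInfo endpoint would return for that subject.
ID_TOKEN_CLAIMS = {"iss": ISSUER, "sub": "248289761001", "aud": "client-app"}
CONSTRUCTED_USERINFO = {"sub": "248289761001", "name": "Jane Doe",
                        "email": "jane@example.com", "email_verified": True}


def demo(userinfo_body: Dict[str, Any] = CONSTRUCTED_USERINFO) -> Dict[str, Any]:
    """Run the full sequence offline: build request, fetch, validate."""
    req = build_userinfo_request(ID_TOKEN_CLAIMS["iss"], "constructed-opaque-access-token")
    info = fetch_userinfo(req, opener=lambda r: _ConstructedResponse(200, userinfo_body))
    return validate_userinfo(info, ID_TOKEN_CLAIMS)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

To call a real provider, pass the default `urllib.request.urlopen` opener and a token obtained from the flow. The example only handles an `application/json` body; a provider may instead return a signed or encrypted JWT (`application/jwt`), which the client must verify before reading its claims, and the `sub` comparison applies to that case as well.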