GET /oauth/userinfo

The /oauth/userinfo endpoint allows an application to fetch user data in OpenID Standard Claims format, as defined by the OpenID Connect specification.

What data is returned depends on the scopes in the token. There are 4 scopes that you may request, in addition to the required openid scope, when getting a token:

  • profile
  • email
  • phone
  • address

The scopes are requested as part of the authorization code flow, the password grant flow, or the oauth/ro flow.

Request

GET /oauth/userinfo
Authorization: Bearer eyJ0eXAiOiJK...jUaR-nZOx5MGg

Response

HTTP/1.1 200 OK
Content-Length: 764
Content-Type: application/json
Date: Mon, 29 Feb 2016 13:37:00 GMT

{
    "sub": "5d75167d-8841-5072-89cb-985915e2dbb3",
    "legacy_user_id": "1234567",
    "name": "John Doe",
    "given_name": "John",
    "family_name": "Doe",
    "preferred_username": "johnnyDoey",
    "picture": "https://secure.gravatar.com/avatar/a41dadb0ace224188c7b830116dc2f5c?s=200",
    "gender": "male",
    "birthdate": "1984-04-01",
    "locale": "en-US",
    "updated_at": 1503667376,
    "email": "john.doe@example.com",
    "email_verified": true,
    "phone_number": "+155555555",
    "phone_number_verified": false,
    "address": {
        "formatted": "1 Roadster st.",
        "street_address": "1 Roadster st., 1111, The Moon, US",
        "locality": "The Moon",
        "postal_code": "1111",
        "country": "US"
    }
}

Failure cases

  • 401 Unauthorized Invalid, expired or malformed token
  • 403 Forbidden Missing 'openid' scope in token

Scopes

Scopes can be combined into space separated strings. To get all fields, you need to ask for openid profile email phone address.

Scope: openid

{
    "sub": "5d75167d-8841-5072-89cb-985915e2dbb3",
    "legacy_user_id": "1234567"
}

Scope: profile

{
    "sub": "5d75167d-8841-5072-89cb-985915e2dbb3",
    "legacy_user_id": "1234567",
    "name": "John Doe",
    "given_name": "John",
    "family_name": "Doe",
    "preferred_username": "johnnyDoey",
    "picture": "https://secure.gravatar.com/avatar/a41dadb0ace224188c7b830116dc2f5c?s=200",
    "gender": "male",
    "birthdate": "1984-04-01",
    "locale": "en-US",
    "updated_at": 1503667376
}

Scope: email

{
    "sub": "5d75167d-8841-5072-89cb-985915e2dbb3",
    "legacy_user_id": "1234567",
    "email": "john.doe@example.com",
    "email_verified": true
}

Scope: phone

{
    "sub": "5d75167d-8841-5072-89cb-985915e2dbb3",
    "legacy_user_id": "1234567",
    "phone_number": "+155555555",
    "phone_number_verified": false
}

Scope: address

{
    "sub": "5d75167d-8841-5072-89cb-985915e2dbb3",
    "legacy_user_id": "1234567",
    "address": {
        "formatted": "1 Roadster st.",
        "street_address": "1 Roadster st., 1111, The Moon, US",
        "locality": "The Moon",
        "postal_code": "1111",
        "country": "US"
    }
}

See also

Help us improve

Did you spot an error? Or maybe you just have a suggestion for how we can improve? Leave a comment, or better yet, send us a pull request on GitHub to fix it (in-browser editing, only takes a moment).

History of this page

Comments/feedback

Do you have questions, or just want to contribute some newly gained insight? Want to share an example? Please leave a comment. Our team reads and responds to every question. Additionally, your experience can help others using Schibsted account, and it can help us continuously improve our documentation.