A UserInfo Request is made by the Relying Party (OAuth Client), which sends the request to the Userinfo_endpoint to obtain Claims about the Resource Owner (End-User) using the Access Token obtained through OpenID Connect Authentication.

OAuth Clients MUST present a valid access_token (of type bearer) to retrieve the UserInfo Response claims. Only those claims that are scoped by the token will be made available to the OAuth Client.

A UserInfo Request can use OpenID Connect Standard Claims and possibly other Claims.

All communication with the Userinfo_endpoint MUST utilize TLS.

A UserInfo Request SHOULD use the HTTP GET method, and the Access Token SHOULD be sent in the HTTP Authorization request header.
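The rules above, as an added example (not code from this page or from any particular OpenID Provider): a client-side builder that refuses non-TLS endpoints and sends the token only in the Authorization header, and a sketch of how an endpoint limits the response to the claims covered by the token's scope. The function names, the `op.example` URL and the sample user record are assumptions made for illustration, and only scope values (not the `claims` request parameter) are handled.

```python
import re
import urllib.request
from urllib.parse import urlsplit

# b64token syntax for bearer tokens (RFC 6750, section 2.1).
B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")

# Scope values and the claims they request (OpenID Connect Core, section 5.4).
SCOPE_CLAIMS = {
    "profile": {"name", "family_name", "given_name", "middle_name", "nickname",
                "preferred_username", "profile", "picture", "website", "gender",
                "birthdate", "zoneinfo", "locale", "updated_at"},
    "email": {"email", "email_verified"},
    "address": {"address"},
    "phone": {"phone_number", "phone_number_verified"},
}

def build_userinfo_request(userinfo_endpoint, access_token):
    """Build (without sending) a UserInfo Request: GET over TLS, token in header."""
    parts = urlsplit(userinfo_endpoint)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("userinfo_endpoint must be an https:// URL")
    if not B64TOKEN.fullmatch(access_token):
        # Rejects empty tokens and CR/LF that would split the header line.
        raise ValueError("access_token is not a valid bearer token")
    return urllib.request.Request(
        userinfo_endpoint,
        headers={"Authorization": "Bearer " + access_token,
                 "Accept": "application/json"},
        method="GET",
    )

def released_claims(user_record, granted_scope):
    """Return the claims an endpoint would release for the token's scope."""
    allowed = {"sub"}  # sub is always present in a UserInfo Response
    for scope in granted_scope.split():
        allowed |= SCOPE_CLAIMS.get(scope, set())
    return {k: v for k, v in user_record.items() if k in allowed}

# Constructed sample data, not taken from the page.
SAMPLE_USER = {"sub": "248289761001", "name": "Jane Doe",
               "email": "janedoe@op.example", "email_verified": True,
               "phone_number": "+1 555 0100"}

if __name__ == "__main__":
    req = build_userinfo_request("https://op.example/userinfo", "SlAV32hkKG")
    print(req.get_method(), req.full_url, req.header_items())
    print(released_claims(SAMPLE_USER, "openid email"))
```
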

