A UserInfo Request is made by the Relying Party, which sends the request to the Userinfo_endpoint to obtain Claims about the Resource Owner (End-User) using the Access Token obtained through OpenID Connect Authentication.
OAuth Clients MUST present a valid access_token (of type bearer) to retrieve the UserInfo Response claims. Only those claims that are scoped by the token will be made available to the OAuth Client.
A UserInfo Request can use OpenID Connect Standard Claims and possibly other Claims.
All Communication with the Userinfo_endpoint MUST utilize TLS.
The UserInfo Request SHOULD use the HTTP GET method, and the Access Token SHOULD be sent using the HTTP Authorization Request Header.
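The requirements above (TLS only, HTTP GET, bearer Access Token in the Authorization header) can be enforced on the Relying Party side as in the following added example, which is not code from this page or from any particular OpenID Connect library. The function names, the endpoint URL and the token value used with it are assumptions, and the `sub` comparison follows OpenID Connect Core rather than anything stated on this page.

```python
import json
import re
import urllib.request
from urllib.parse import urlsplit

# Bearer credential syntax (b64token) from RFC 6750. Matching the whole
# string also rejects CR/LF, so a token cannot inject extra headers.
_B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")


def build_userinfo_request(userinfo_endpoint, access_token):
    """Build a GET request with the Access Token in the Authorization header."""
    parts = urlsplit(userinfo_endpoint)
    # All communication with the Userinfo_endpoint MUST use TLS.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("UserInfo endpoint must be an https:// URL")
    if not _B64TOKEN.fullmatch(access_token):
        raise ValueError("access token is not a well-formed bearer token")
    return urllib.request.Request(
        userinfo_endpoint,
        method="GET",
        headers={
            "Authorization": "Bearer " + access_token,
            "Accept": "application/json",
        },
    )


def parse_userinfo_response(body, id_token_sub):
    """Decode the JSON claims and bind them to the authenticated End-User."""
    claims = json.loads(body)
    # OpenID Connect Core: the UserInfo "sub" must exactly match the
    # "sub" of the ID Token from the same authentication.
    if not isinstance(claims, dict) or claims.get("sub") != id_token_sub:
        raise ValueError("UserInfo 'sub' does not match the ID Token")
    return claims


def fetch_userinfo(userinfo_endpoint, access_token, id_token_sub, timeout=10):
    """Send the request; urlopen verifies the server certificate by default."""
    req = build_userinfo_request(userinfo_endpoint, access_token)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_userinfo_response(resp.read(), id_token_sub)
```

Only the claims covered by the scopes of the presented token come back, so the caller should treat any missing claim as not granted rather than as an error.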