Overview
A UserInfo Request is made by the Relying Party (OAuth Client), which sends the request to the Userinfo_endpoint to obtain Claims about the Resource Owner (End-User) using the Access Token obtained through OpenID Connect Authentication.
OAuth Clients MUST present a valid access_token (of type bearer) to retrieve the UserInfo Response claims. Only those claims that are scoped by the token will be made available to the OAuth Client.
A UserInfo Request can use OpenID Connect Standard Claims and possibly other Claims.
All communication with the Userinfo_endpoint MUST utilize TLS.
A UserInfo Request SHOULD use the HTTP GET method, and the Access Token SHOULD be sent in the HTTP Authorization request header.
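The requirements above, from both sides, as an added example that is not part of the original page: the client builds a GET request over TLS with the bearer token in the Authorization header, and the endpoint releases only the claims covered by the token's scopes. The function names, endpoint URL, token and user record are constructed for illustration; the scope-to-claims mapping follows OpenID Connect Core section 5.4.

```python
from urllib.parse import urlsplit
from urllib.request import Request

# Scope-to-claims mapping from OpenID Connect Core, section 5.4.
SCOPE_CLAIMS = {
    "profile": {"name", "family_name", "given_name", "middle_name", "nickname",
                "preferred_username", "profile", "picture", "website", "gender",
                "birthdate", "zoneinfo", "locale", "updated_at"},
    "email": {"email", "email_verified"},
    "address": {"address"},
    "phone": {"phone_number", "phone_number_verified"},
}

def build_userinfo_request(endpoint, access_token):
    """Client side: GET over TLS with the token in the Authorization header."""
    if urlsplit(endpoint).scheme != "https":
        raise ValueError("UserInfo endpoint must be reached over TLS (https)")
    if not access_token or any(c.isspace() for c in access_token):
        raise ValueError("access token is empty or malformed")
    return Request(endpoint, method="GET",
                   headers={"Authorization": "Bearer " + access_token,
                            "Accept": "application/json"})

def parse_bearer(authorization_header):
    """Server side: return the token from 'Bearer <token>', or None."""
    parts = (authorization_header or "").split()
    if len(parts) == 2 and parts[0].lower() == "bearer":
        return parts[1]
    return None

def claims_for_scopes(stored_claims, granted_scopes):
    """Server side: release only claims covered by the token's scopes."""
    allowed = {"sub"}  # sub is always present in a UserInfo Response
    for scope in granted_scopes:
        allowed |= SCOPE_CLAIMS.get(scope, set())
    return {k: v for k, v in stored_claims.items() if k in allowed}

# Constructed sample record; not real user data.
SAMPLE_USER = {"sub": "248289761001", "name": "Jane Doe",
               "email": "jane@example.com", "email_verified": True,
               "phone_number": "+1 555 0100"}

if __name__ == "__main__":
    req = build_userinfo_request("https://op.example.com/userinfo", "SlAV32hkKG")
    token = parse_bearer(req.get_header("Authorization"))
    print(req.get_method(), req.full_url, token)
    print(claims_for_scopes(SAMPLE_USER, ["openid", "email"]))
```

The request is only constructed, never sent, so the block runs offline; a token granted `openid email` yields `sub`, `email` and `email_verified` and withholds `name` and `phone_number`.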