!!! Overview [1]
[{$pagename}] is returned from the [Userinfo_endpoint] to the [OpenID Connect] [Relying Party] ([OAuth Client]) as the [response] to the [UserInfo Request].* The UserInfo Claims [MUST] be returned as the members of a [JSON Object]. 
* The response body SHOULD be encoded using [UTF-8]. 
* The [OpenID Connect Standard Claims] can be returned, as can additional Claims not specified.
* If a Claim is not returned, that Claim Name [SHOULD] be omitted from the [JSON Object] representing the Claims; A [Claim] value [SHOULD NOT] be present with a [null] or empty string value.
* The [sub] (subject) [Claim] [MUST] always be returned in the [{$pagename}].

!! [{$pagename}] [Validation]
Due to the possibility of [token substitution attacks], the [{$pagename}] is not guaranteed to be about the End-User identified by the [sub] (subject) element of the [Id_token]. The [sub] Claim in the [{$pagename}] [MUST] be verified to exactly match the [sub] Claim in the [Id_token]; if they do not match, the [{$pagename}] values [MUST NOT] be used.

The [OpenID Connect] [Relying Party] [MUST] verify that the [OpenID Connect Provider] that responded was the intended [OpenID Connect Provider] through a [TLS] server certificate check, per [RFC 6125].

 [Relying Party] [MUST] perform [OAuth Scope Validation] to insure the scopes in the [UserInfo Request] were provided.

!! More Information 
There might be more information for this subject on one of the following: 
[{ReferringPagesPlugin before='*' after='\n' }] 
---- 
* [#1] - [OpenID Connect Basic Client Implementer's Guide 1.0|https://openid.net/specs/openid-connect-basic-1_0.html#UserInfoResponse|target='_blank'] - based on data observed:2016-05-18