PingOne Platform APIs

Userinfo (POST)

POST {{authPath}}/{{envID}}/as/userinfo

The UserInfo Endpoint is an OAuth 2.0 protected resource that returns claims about the authenticated end user. Note that the /{{envID}}/as/userinfo request takes an access token in the Authorization header to get the claims about the user.

You can use the POST /{{envID}}/as/userinfo operation to obtain a userinfo authorization grant.

Userinfo authorization requests

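A userinfo authorization request is used with applications associated with the openid resource. The value for the Authorization header is the Bearer token returned by the following authorization request, which uses response_type=token (the implicit grant) and so returns the access token directly in the redirect: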

https://auth.pingone.com/{{envID}}/as/authorize?client_id={{appID}}&redirect_uri={{redirect_uri}}&response_type=token&scope=openid profile email address

In the authorization request, the scope attribute must include the openid value, which adds the sub claim (the user ID) to the response data. Additional OpenID Connect scopes such as profile, address, phone, and email can also be included to add more user claims to the response.

Grants and scopes with userinfo

The token used with the /{{envID}}/as/userinfo endpoint must be generated by an implicit or authorization_code grant type. PingOne user scopes such as p1:reset:userPassword are not applicable to userinfo authorization requests and applications associated with the openid resource.

When an access token generated from a client_credentials grant type is used with the /{{envID}}/as/userinfo endpoint, the request returns an ACCESS_FAILED message. Tokens from a client_credentials grant use administrator permissions granted through role assignments.

Prerequisites

Headers

Authorization      Bearer {{accessToken}}

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

# POST to the UserInfo endpoint. The access token is sent as a Bearer
# credential in the Authorization header, so treat the expanded command line
# (shell history, process listings) as sensitive.
# -g stops curl from interpreting the braces in the URL as glob patterns,
# -L follows redirects, -X POST forces the request method.
curl -g -L -X POST \
  -H 'Authorization: Bearer {{accessToken}}' \
  '{{authPath}}/{{envID}}/as/userinfo'
// Client bound to the UserInfo endpoint.
// NOTE(review): MaxTimeout = -1 is kept from the original sample; it looks like
// it disables the client-side timeout. Confirm against the RestSharp version in use.
var client = new RestClient(
  new RestClientOptions("{{authPath}}/{{envID}}/as/userinfo") { MaxTimeout = -1 });

// Empty resource path: the full URL is already set on the client options.
// The access token is presented as a Bearer credential.
var request = new RestRequest("", Method.Post);
request.AddHeader("Authorization", "Bearer {{accessToken}}");

// The response content holds the user's claims (name, email, address in the
// example response), so the console output is personal data.
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
package main

import (
  "fmt"
  "net/http"
  "io"
)

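// main sends a POST to the PingOne UserInfo endpoint with the access token as
// a Bearer credential and prints the returned claims. Any response other than
// 200 OK (for example the ACCESS_FAILED reply given to a client_credentials
// token) is reported as an error instead of being printed as if it were claims.
func main() {
	endpoint := "{{authPath}}/{{envID}}/as/userinfo"

	req, err := http.NewRequest(http.MethodPost, endpoint, nil)
	if err != nil {
		fmt.Println(err)
		return
	}
	req.Header.Set("Authorization", "Bearer {{accessToken}}")

	// NOTE(review): a zero-value http.Client has no timeout; set Timeout
	// before using this outside a sample.
	client := &http.Client{}
	res, err := client.Do(req)
	if err != nil {
		fmt.Println(err)
		return
	}
	defer res.Body.Close()

	body, err := io.ReadAll(res.Body)
	if err != nil {
		fmt.Println(err)
		return
	}

	// Keep error payloads apart from a successful claims response.
	if res.StatusCode != http.StatusOK {
		fmt.Printf("Unexpected HTTP status: %s\n%s\n", res.Status, body)
		return
	}
	fmt.Println(string(body))
}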
POST /{{envID}}/as/userinfo HTTP/1.1
Host: {{authPath}}
Authorization: Bearer {{accessToken}}
// HTTP client with the builder defaults.
OkHttpClient client = new OkHttpClient().newBuilder().build();

// The sample sends an empty text/plain body with the POST.
RequestBody body = RequestBody.create(MediaType.parse("text/plain"), "");

// The access token is presented as a Bearer credential in the Authorization header.
Request request = new Request.Builder()
  .url("{{authPath}}/{{envID}}/as/userinfo")
  .addHeader("Authorization", "Bearer {{accessToken}}")
  .method("POST", body)
  .build();

// NOTE(review): the sample never closes `response`; the caller is expected to
// close it once the body has been read.
Response response = client.newCall(request).execute();
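// Request settings for the UserInfo endpoint. The access token is sent as a
// Bearer credential in the Authorization header.
const settings = {
  url: '{{authPath}}/{{envID}}/as/userinfo',
  method: 'POST',
  timeout: 0, // 0 means jQuery applies no client-side timeout
  headers: {
    Authorization: 'Bearer {{accessToken}}',
  },
};

$.ajax(settings)
  .done((response) => {
    // The response carries the user's claims (personal data).
    console.log(response);
  })
  .fail((jqXHR, textStatus) => {
    // Without a failure handler, a rejected token (for example the
    // ACCESS_FAILED reply to a client_credentials token) fails silently.
    console.error(`Unexpected HTTP status: ${jqXHR.status} (${textStatus})`);
  });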
var request = require('request');
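// Request options for the UserInfo endpoint. The access token is sent as a
// Bearer credential in the Authorization header.
const options = {
  method: 'POST',
  url: '{{authPath}}/{{envID}}/as/userinfo',
  headers: {
    Authorization: 'Bearer {{accessToken}}',
  },
};

request(options, (error, response) => {
  // Rethrow the original error: wrapping it in new Error() stringifies it and
  // discards its stack and error code.
  if (error) throw error;

  // Report error replies (such as ACCESS_FAILED) separately from claims.
  if (response.statusCode !== 200) {
    console.error(`Unexpected HTTP status: ${response.statusCode}`);
    console.error(response.body);
    return;
  }
  console.log(response.body);
});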
import requests

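# UserInfo endpoint; replace the {{...}} placeholders before running.
url = "{{authPath}}/{{envID}}/as/userinfo"

payload = {}  # the sample sends no request body
headers = {
    # The access token is presented as a Bearer credential.
    "Authorization": "Bearer {{accessToken}}",
}

# requests waits indefinitely unless a timeout is passed, so bound the call.
response = requests.request("POST", url, headers=headers, data=payload, timeout=10)

# Report error replies (such as ACCESS_FAILED) separately from a claims response.
if response.ok:
    print(response.text)
else:
    print(f"Unexpected HTTP status: {response.status_code} {response.reason}")
    print(response.text)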
<?php
require_once 'HTTP/Request2.php';

// POST to the UserInfo endpoint with the access token as a Bearer credential.
$request = new HTTP_Request2();
$request->setUrl('{{authPath}}/{{envID}}/as/userinfo');
$request->setMethod(HTTP_Request2::METHOD_POST);

// NOTE(review): redirects are followed automatically; confirm how
// HTTP_Request2 treats the Authorization header when the redirect target is
// a different host.
$request->setConfig(['follow_redirects' => true]);
$request->setHeader(['Authorization' => 'Bearer {{accessToken}}']);

try {
  $response = $request->send();
  if ($response->getStatus() != 200) {
    // Anything other than 200 is reported with its status line, not as claims.
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
  else {
    // Success: the body holds the user's claims.
    echo $response->getBody();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
require "uri"
require "net/http"

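# UserInfo endpoint; replace the {{...}} placeholders before running.
url = URI("{{authPath}}/{{envID}}/as/userinfo")

http = Net::HTTP.new(url.host, url.port)
# Net::HTTP speaks plain HTTP unless use_ssl is set, even when the URI scheme
# is https. Without this line the Bearer token would be written unencrypted to
# the server's TLS port.
http.use_ssl = (url.scheme == "https")

# The access token is presented as a Bearer credential.
request = Net::HTTP::Post.new(url)
request["Authorization"] = "Bearer {{accessToken}}"

# The body holds the user's claims.
response = http.request(request)
puts response.read_body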
// UserInfo endpoint; the force-unwrap traps if the string is not a valid URL.
let endpoint = URL(string: "{{authPath}}/{{envID}}/as/userinfo")!

// timeoutInterval is kept at Double.infinity as in the original sample, so the
// request never times out on the client side.
var request = URLRequest(url: endpoint, timeoutInterval: Double.infinity)
request.httpMethod = "POST"
// The access token is presented as a Bearer credential.
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  if let data = data {
    // The body holds the user's claims; the force-unwrap assumes UTF-8 text.
    print(String(data: data, encoding: .utf8)!)
  } else {
    // No data: print whatever error the session reported.
    print(String(describing: error))
  }
}

task.resume()

Example Response

{
    "family_name": "Doe",
    "address": {
        "country": "US",
        "postal_code": "78750",
        "region": "TX",
        "locality": "Austin",
        "street_address": "123 Happy Street"
    },
    "given_name": "John",
    "email": "jdoe@example.com",
    "preferred_username": "jdoe",
    "updated_at": 1535377850,
    "name": "John Doe",
    "middle_name": "J",
    "sub": "0986b513-ae1f-4312-8d8d-a31eb79133ad"
}