Return user claims
GET /userinfo
Returns a JSON object containing claims about the currently authenticated end-user,
identified by the Bearer access token supplied in the Authorization header.
Only claims whose values are non-null for the given user are included in the response.
The sub claim is always present. All other standard claims (name, given_name,
family_name, email, phone_number, birthdate, gender, locale, updated_at,
address) are included when available.
The set of returned claims is further constrained by the scopes granted to the access
token: profile enables name and profile claims, email enables the email claim,
phone enables the phone claim, and address enables the address claim.
Implements the GET variant required by
OIDC Core 1.0 Section 5.3.
Refer to the introduction section for details on how to configure this use case.
Request
Header Parameters
Authorization: Bearer access token issued by the authorization server. Format: Bearer <access_token>.
Responses
- 200: User claims returned successfully (application/json)
- 401: Invalid access token (described after the example below)
Schema
- sub: Subject identifier — the nevisIDM user's external ID (extid).
- name: Full name of the user, composed from title, first name, and family name.
- given_name: Given name (first name) of the user.
- family_name: Family name (surname) of the user.
- preferred_username: Preferred username — the nevisIDM login ID.
- email: Email address of the user.
- phone_number: Phone number of the user.
- birthdate: Birthdate of the user in ISO 8601 format (YYYY-MM-DD).
- gender: Gender of the user. Derived from the nevisIDM sex code. Possible values: [male, female, other, unknown]
- locale: Locale of the user in BCP 47 format.
- updated_at: Time the user's information was last updated, as Unix epoch seconds.
- address (object): Physical mailing address of the user.
  - formatted: Full formatted address.
  - street_address: Street address, including house number.
  - locality: City or locality.
  - region: Region or state.
  - postal_code: Postal or ZIP code.
  - country: Country name.
Example
{
  "sub": "user-123",
  "name": "Dr. John Doe",
  "given_name": "John",
  "family_name": "Doe",
  "preferred_username": "johndoe",
  "email": "[email protected]",
  "phone_number": "+41791234567",
  "birthdate": "1980-01-01",
  "gender": "male",
  "locale": "en-US",
  "updated_at": 1633036800,
  "address": {
    "formatted": "Dr. John Doe, Badenerstrasse 13, 8004 Zürich, Switzerland",
    "street_address": "Badenerstrasse 13",
    "locality": "Zürich",
    "region": "ZH",
    "postal_code": "8004",
    "country": "Switzerland"
  }
}
401: The access token is missing, expired, revoked, or otherwise invalid. The response includes a WWW-Authenticate header with an error code.
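A client-side check of this endpoint's responses, as an added example that is not part of the nevisIDM documentation or code: it reads the error code from the WWW-Authenticate header on 401, compares sub with the ID Token subject as OIDC Core 1.0 Section 5.3.2 requires, and rejects claims outside the granted scopes. The scope-to-claim table follows OIDC Core 1.0 Section 5.4 and is an assumption about this server, as are the helper names and the constructed sample values.

```python
import json
import re

# Scope -> claims per OIDC Core 1.0 Section 5.4, limited to the claims this
# page lists (assumption: the server follows the standard mapping).
SCOPE_CLAIMS = {
    "profile": {"name", "given_name", "family_name", "preferred_username",
                "birthdate", "gender", "locale", "updated_at"},
    "email": {"email"},
    "phone": {"phone_number"},
    "address": {"address"},
}


class UserInfoError(Exception):
    pass


def bearer_error(www_authenticate):
    """Extract the error code from a Bearer WWW-Authenticate challenge (RFC 6750)."""
    m = re.search(r'\berror="([^"]*)"', www_authenticate or "")
    return m.group(1) if m else None


def check_userinfo(status, headers, body, id_token_sub, granted_scopes):
    """Validate a UserInfo response before its claims are used (hypothetical helper)."""
    if status == 401:
        code = bearer_error(headers.get("WWW-Authenticate"))
        raise UserInfoError(f"access token rejected: {code or 'no error code'}")
    if status != 200:
        raise UserInfoError(f"unexpected status {status}")
    claims = json.loads(body)
    # OIDC Core 5.3.2: sub must equal the ID Token's sub, else discard everything.
    if claims.get("sub") != id_token_sub:
        raise UserInfoError("sub does not match the ID Token subject")
    # Strict policy (assumption): any claim not enabled by a granted scope is an error.
    allowed = {"sub"}.union(*(SCOPE_CLAIMS.get(s, set()) for s in granted_scopes))
    extra = sorted(set(claims) - allowed)
    if extra:
        raise UserInfoError(f"claims outside granted scopes: {extra}")
    return claims


# Constructed sample responses (not captured from a real server).
OK_BODY = json.dumps({"sub": "user-123", "name": "Dr. John Doe", "locale": "en-US"})
DENIED = {"WWW-Authenticate": 'Bearer error="invalid_token"'}

if __name__ == "__main__":
    print(check_userinfo(200, {}, OK_BODY, "user-123", ["openid", "profile"]))
```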