Document toolboxDocument toolbox

api-userinfo

Owned by Kristoffer Kristoffer (Unlicensed)
Last updated: 22 Aug 2023 by Matheus SrebroVersion comment
2 min read

The userinfo endpoint may be used to retrieve additional information about an end user beyond what is contained in the ID Token. The end user in question is given by the sub value contained in the access token.

By including the supported scopes in the Authorize request, the end user will be presented with consent dialogues (see User Experience) for the requested end user information. If consent is given, you'll be able to access the TINFO resource server by utilizing the userinfo endpoint to get the requested end user data by using the Access token as Bearer token.

Experimental

The consent dialogue views and the optional end user information, with the exception of Norwegian National Identity number, are considered experimental. The service can be used freely by merchants, but further development and feature request will not be prioritized going forward. We advice merchants that require information such as email, address and phone number to handle this in their own application as the user may choose to not provide this information through the BankID OIDC service.

Overview

URLhttps://<userinfo-baseurl>/userinfo
Request

GET without any parameters

POST is not supported

CORS is not supported

AuthenticationAccess Token as Bearer Token in Authorization Header
Response
200OKJWT containing 24874769
401UnathorizedBearer token is not accepted for any reason

Error responses contains further information on the reason according to standard.

ExampleSee 24874769

Response elements

Userinfo returns signed responses in JWT format. The claims contained in the encoded JWT includes supported standard claims (see table below) along with the following additional claims:

ClaimExampleDescription
iss<userinfo-baseurl>Userinfo (TINFO) Resource Server
audoidc-testclientRequesting OIDC client

Standard claims

ClaimScopeSupportConsentComment
sub(any)(tick) Yes
Subject Identifier. Also contained in ID Token
nameprofile(tick) Yes
Common Name from associated BankID certificate. Also contained in ID Token 
given_nameprofile(tick) Yes
First name part of the name claim. Also contained in ID Token 
familiy_nameprofile(tick) Yes
Last name (surname) part of the name claim. Also contained in ID Token 
middle_nameprofile(error) No

nicknameprofile(error) No

preferred_usernameprofile(error) No

profileprofile(error) No

pictureprofile(error) No

websiteprofile(error) No

emailemail(tick) Yes(info) Consent requiredEmail is registered by end user themselves via consent dialogues after authentication
email_verifiedemail(error) No

genderprofile(error) No

birthdateprofile(tick) Yes
Birthdate from associated BankID certificate. Also contained in ID Token 
zoneinfoprofile(error) No

localeprofile(error) No

phone_numberphone(tick) Yes(info) Consent requiredPhone number is registered by end user themselves via consent dialogues after authentication
phone_number_verifiedphone(error) No

addressaddress(tick) Yes(info) Consent required

JSON structure with sub-elements as shown below

Address is registered by the end user themselves via consent dialogues after authentication

address:formattedaddress(tick) Yes(see address)Full address string

address:street_address

address(tick) Yes(see address)Street address
address:localityaddress(tick) Yes(see address)Norwegian "poststed"
address:regionaddress(error) No(see address)
address:postal_codeaddress(tick) Yes(see address)Norwegian "postnummer"
address:countryaddress(error) No(see address)
updated_atprofile(tick) Yes
Epoch time for latest update of any of the supported TINFO data elements
nninnnin(tick) YesConsent requiredNorwegian National Identity Number

Example

Response

Decoded response
{
  "iss": "https://userinfo.current.bankid.no",
  "sub": "9578-6000-4-00001",
  "aud": "oidc-testclient",
  "name": "Ola Normann",
  "given_name": "Ola",
  "family_name": "Normann",
  "updated_at": 1519992419860,
  "email": "normann@example.org",
  "birthdate": "110286",
  "phone_number": "95871775",
  "address": {
    "formatted": "Veien 311\nOslo 0772",
    "street_address": "Veien 311",
    "locality": "0772",
    "postal_code": "Oslo"
  }
}