Userinfo Endpoint
GET {{url}}/userinfo
parameters:
- name: Authorization content: REQUIRED. Use Authorization header to send Bearer [access_token]
- name: Service ID (serviceId) content: REQUIRED. Identifier used to represent the given User
UserInfo Endpoint to retrieve information for the currently authenticated user. The request should use the HTTP GET method and the Access Token should be sent using the Authorization header. See https://openid.net/specs/openid-connect-basic-1_0.html#UserInfo for details.
In addition to the OpenID Connect standard scopes of profile, email, address, and phone, PRIVO provides additional scopes to request that specific sets of information be made available as Claim Values. For information about scopes, refer to the Scopes section of this documentation.
In addition to the OpenID Connect standard set of claims, (Standard Claims), PRIVO provides additional claims about the End-User. These claims, dependent on scope request, include the following:
| Claim | Definition |
|---|---|
| consent_url | URLs for the consent widget. |
| permissions | Feature permission details. |
| verification_tier | Current verification level. |
| minor | Is the User a minor? |
| role_identifier | Role identifier for the User. |
| approved | Has the User approved their account. |
| shadow_account | Applies only to children and minors. |
| site_token | Unique identifier that associates the current User with a site or service. |
| activation_time | The time in seconds when the User's account was approved. |
| parent_email | The email address for the current User's parent. Applies only to children. |
| display_names | Array of displaynames for the User. |
| consent_requests | Consent requests that are associated to the User. |
| birthdate_time | User birth date time in seconds. |
| registration_role | Role the User registered with. |
| teen | Is the User a teen? |
| teacher | Is the User a teacher? |
| student | Is the User a student? |
| pin | returns consent pin for every consent request related to the User. |
Userinfo Endpoint:
GET {{url}}/userinfo
Authorization: Bearer {access_token}
Sample Userinfo Request:
{{url}}/userinfo?serviceId=4a7578386......83550673d3d
Sample JSON Response:
{
"sub": "4a7578386......83550673d3d",
"role_identifier": "ROLE_XYZ",
"verification_tier": "G",
"minor": false,
"approved": true,
"shadow_account": false,
"site_token": "775a57627......714169312b",
"activation_time": 1448035241,
"parent_email": "someParentEmail@domain.com",
"birthdate": "1990-01-01",
"consent_urls": [
{
"first_name": "Mickey",
"consent_url": "{{url}}/e/r/a?token=445333.....513d3d"
}
],
"permissions": [
{
"on": true,
"consent_date": 1448035241,
"request_date": 1448035241,
"feature_active": true,
"feature_id": 99999,
"feature_identifier": "FEATURE_XYZ",
"feature_name": "A very special feature"
}
],
"address": {
"region": "FL",
"locality": "Tampa",
"country": "US",
"formatted": "100 Some St Tampa FL, 32810",
"postal_code": "32810",
"street_address": "100 Some St"
},
"email": "someUserEmail@domain.com",
"email_verified": true,
"family_name": "Moose",
"gender": "male",
"given_name": "Mickey",
"locale": "en_US",
"middle_name": "V",
"name": "Mickey Moose",
"nickname": "mmoose123",
"phone_number": "+1 (000) 0000-0000",
"phone_number_verified": false,
"picture": "{{url}}/images/avatar/PRIVOdogGus.jpg",
"preferred_username": "mmoose123",
"profile": "/api/account/4a7578386......83550673d3d",
"updated_at": "1448035241",
"website": "/api/account/4a7578386......83550673d3d",
"zoneinfo": "America/New_York"
}