Userinfo Endpoint

GET {{url}}/userinfo

parameters:

  • name: Authorization content: REQUIRED. Use Authorization header to send Bearer [access_token]
  • name: Service ID (serviceId) content: REQUIRED. Identifier used to represent the given User

UserInfo Endpoint to retrieve information for the currently authenticated user. The request should use the HTTP GET method and the Access Token should be sent using the Authorization header. See https://openid.net/specs/openid-connect-basic-1_0.html#UserInfo for details.

In addition to the OpenID Connect standard scopes of profile, email, address, and phone, PRIVO provides additional scopes to request that specific sets of information be made available as Claim Values. For information about scopes, refer to the Scopes section of this documentation.

In addition to the OpenID Connect standard set of claims, (Standard Claims), PRIVO provides additional claims about the End-User. These claims, dependent on scope request, include the following:

ClaimDefinition
consent_urlURLs for the consent widget.
permissionsFeature permission details.
verification_tierCurrent verification level.
minorIs the User a minor?
role_identifierRole identifier for the User.
approvedHas the User approved their account.
shadow_accountApplies only to children and minors.
site_tokenUnique identifier that associates the current User with a site or service.
activation_timeThe time in seconds when the User's account was approved.
parent_emailThe email address for the current User's parent. Applies only to children.
display_namesArray of displaynames for the User.
consent_requestsConsent requests that are associated to the User.
birthdate_timeUser birth date time in seconds.
registration_roleRole the User registered with.
teenIs the User a teen?
teacherIs the User a teacher?
studentIs the User a student?
pinreturns consent pin for every consent request related to the User.

Userinfo Endpoint:

  GET  {{url}}/userinfo
  Authorization: Bearer {access_token}

Sample Userinfo Request:

  {{url}}/userinfo?serviceId=4a7578386......83550673d3d

Sample JSON Response:

{
  "sub": "4a7578386......83550673d3d",
  "role_identifier": "ROLE_XYZ",
  "verification_tier": "G",
  "minor": false,
  "approved": true,
  "shadow_account": false,
  "site_token": "775a57627......714169312b",
  "activation_time": 1448035241,
  "parent_email": "someParentEmail@domain.com",
  "birthdate": "1990-01-01",
  "consent_urls": [
    {
      "first_name": "Mickey",
      "consent_url": "{{url}}/e/r/a?token=445333.....513d3d"
    }
  ],
  "permissions": [
    {
      "on": true,
      "consent_date": 1448035241,
      "request_date": 1448035241,
      "feature_active": true,
      "feature_id": 99999,
      "feature_identifier": "FEATURE_XYZ",
      "feature_name": "A very special feature"
    }
  ],
  "address": {
    "region": "FL",
    "locality": "Tampa",
    "country": "US",
    "formatted": "100 Some St Tampa FL, 32810",
    "postal_code": "32810",
    "street_address": "100 Some St"
  },
  "email": "someUserEmail@domain.com",
  "email_verified": true,
  "family_name": "Moose",
  "gender": "male",
  "given_name": "Mickey",
  "locale": "en_US",
  "middle_name": "V",
  "name": "Mickey Moose",
  "nickname": "mmoose123",
  "phone_number": "+1 (000) 0000-0000",
  "phone_number_verified": false,
  "picture": "{{url}}/images/avatar/PRIVOdogGus.jpg",
  "preferred_username": "mmoose123",
  "profile": "/api/account/4a7578386......83550673d3d",
  "updated_at": "1448035241",
  "website": "/api/account/4a7578386......83550673d3d",
  "zoneinfo": "America/New_York"
}