The userinfo API may be used to retrieve additional information about an end user beyond what is contained in the ID Token. The end user in question is given by the sub value contained in the access token. The implementation of userinfo is according to the OpenID Connect standard.
By including the supported scopes in the authorize request, the end user will be presented with consent dialogues for the requested end user information. If consent is given, you'll be able to access the TINFO resource servers by utilizing the Userinfo (TINFO Userinfo Endpoints) API to get the requested end user data by using the Access token as Bearer token.
Overview
| URL | https://<tinfo-userinfo-baseurl>/userinfo | ||||||
|---|---|---|---|---|---|---|---|
| Request |
CORS is not supported | ||||||
| Authentication | Access Token as Bearer Token in Authorization Header | ||||||
| Response |
Error responses contains further information on the reason according to standard. | ||||||
| Example | See below |
Response elements
Userinfo returns signed responses in JWT format. The claims contained in the encoded JWT includes supported standard claims (see table below) along with the following additional claims:
| Claim | Example | Description |
|---|---|---|
iss | <tinfo-baseurl> | TINFO Resource Server |
aud | oidc-testclient | Requesting OIDC client |
Standard claims
| Claim | Scope | Support | Consent | Comment |
|---|---|---|---|---|
sub | profile |  | Subject Identifier. Also contained in ID Token | |
name | profile | | Common Name from associated BankID certificate. Also contained in ID Token | |
given_name | profile | | First name part of the name claim. Also contained in ID Token | |
familiy_name | profile | | Last name (surname) part of the name claim. Also contained in ID Token | |
middle_name | profile |  | ||
nickname | profile | | ||
preferred_username | profile | | ||
profile | profile | | ||
picture | profile | | ||
website | profile | | ||
email | email | |  | Email is registered by end user himself for the TINFO service |
email_verified | email | | ||
gender | profile | | ||
birthdate | profile | | Birthdate from associated BankID certificate. Also contained in ID Token | |
zoneinfo | profile | | ||
locale | profile | | ||
phone_number | phone | | | Phone number is registered by end user himself for the TINFO service |
phone_number_verified | phone | | ||
address | address | | | JSON structure with sub-elements as shown below Address is registered by the end user himself for the TINFO service |
address:formatted | address | | Full address string | |
| address | | Street address from | |
address:locality | address | | Norwegian "poststed" | |
address:region | address | | ||
address:postal_code | address | | Norwegian "postnummer" | |
address:country | address | | ||
updated_at | profile | | Epoc time for latest update of any of the supported TINFO data elements | |
| nnin | nnin | | | Norwegian National Identiy Number (aka Norwegian SSN). |
Example
Userinfo request
TBC
Decoded response
{
"iss": "https://prototype.bankidnorge.no/tinfo-core-systemtest/",
"sub": "9578-6000-4-30799",
"aud": "oidc-testclient",
"name": "Frode Beckmann NIlsen",
"given_name": "Frode",
"family_name": "NIlsen",
"updated_at": 1519992419860,
"email": "frobnil@online.no",
"birthdate": "181266",
"phone_number": "95871775",
"address": {
"formatted": "Lybekkveien 11C\nOslo 0772",
"street_address": "Lybekkveien 11C",
"locality": "0772",
"postal_code": "Oslo"
}
}