
Version 39

URL: https://<baseurl>/oidc/oauth/userinfo
Request: GET with Authorization header
Authentication: Default Bearer Access Token
Request parameters: None
Response elements: Signed JSON (JWS) according to the standard
Example: See below

Userinfo is a standard endpoint associated with the Resource Server for the TINFO service. It constitutes a Protected Endpoint and requires a Default Bearer Access Token contained in the Authorization header of the request. Userinfo provides additional claims about an authenticated user beyond the claims that are directly contained in the ID Token.

Due to the possibility of token substitution attacks, the UserInfo Response is not guaranteed to be about the end-user identified by the sub (subject) element of the ID Token. The sub Claim in the UserInfo Response must be verified to exactly match the sub Claim in the ID Token; if they do not match, the UserInfo Response values MUST NOT be used.

The response from Userinfo is signed (JWS) and its signature must be validated against the OIDC Provider's published key before any of its claims are used; iss and exp should be checked as for any other token from the provider.

Example

Request
x
Response
y

Below is an example response from the OIDC Provider in its BankID pilot configuration in pre-production. What is shown is the decoded JWS payload (the claims); on the wire the response is the compact-serialized JWS carrying these claims:

{
"sub": "9578-6000-4-127698",
"iss": "https://preprod.bankidapis.no",
"iat": 1485866449,
"exp": 1485870048,
"preferred_username": "Testesen, Test",
"name": "Testesen, Test",
"given_name": "Test",
"family_name": "Testesen",
"birthdate": "1980-03-09",
"nnin": "09038000010"
}
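The following is an added example, not code from the OIDC Provider or from this documentation. It shows the client side of the endpoint as described above: building the GET with the Bearer Authorization header, verifying the JWS on the response, and refusing the response when its sub does not match the sub from the ID Token. Assumptions: the JWS is signed with HS256 and a constructed shared key so the example runs offline; the real provider signs with its own key, so in production the same checks are made with a JOSE library against the key from the provider's JWKS. The access token, base URL and key below are constructed; the claims are those of the example response above.

```python
import base64
import hashlib
import hmac
import json
import time
import urllib.request

# Assumption: HS256 with a constructed shared key, so the example runs offline.
# The real provider signs with its own key; verify against its JWKS in production.
EXAMPLE_KEY = b"constructed-example-key-not-from-the-provider"
EXPECTED_ISS = "https://preprod.bankidapis.no"

# Claims taken from the pre-production example response on this page.
EXAMPLE_CLAIMS = {
    "sub": "9578-6000-4-127698",
    "iss": EXPECTED_ISS,
    "iat": 1485866449,
    "exp": 1485870048,
    "preferred_username": "Testesen, Test",
    "name": "Testesen, Test",
    "given_name": "Test",
    "family_name": "Testesen",
    "birthdate": "1980-03-09",
    "nnin": "09038000010",
}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_userinfo_request(base_url: str, access_token: str) -> urllib.request.Request:
    """GET <baseurl>/oidc/oauth/userinfo with the access token as a Bearer credential."""
    return urllib.request.Request(
        base_url.rstrip("/") + "/oidc/oauth/userinfo",
        headers={"Authorization": "Bearer " + access_token},
        method="GET",
    )


def sign_jws_hs256(claims: dict, key: bytes) -> str:
    """Stand-in for the provider side: produce a compact-serialization JWS."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = (header + "." + payload).encode("ascii")
    return header + "." + payload + "." + b64url_encode(hmac.new(key, signing_input, hashlib.sha256).digest())


def verify_jws_hs256(token: str, key: bytes) -> dict:
    """Check the JWS signature and return the payload; raise ValueError on any failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm you expect; never let the token's own header choose it
    # (that is how alg=none and key-confusion attacks get in).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg: %r" % header.get("alg"))
    expected = hmac.new(key, (header_b64 + "." + payload_b64).encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature verification failed")
    return json.loads(b64url_decode(payload_b64))


def validate_userinfo(userinfo_jws: str, id_token_sub: str, key: bytes,
                      expected_iss: str = EXPECTED_ISS, now: float = None) -> dict:
    """Return the UserInfo claims only if signature, iss, exp and sub all check out."""
    claims = verify_jws_hs256(userinfo_jws, key)
    now = time.time() if now is None else now
    if claims.get("iss") != expected_iss:
        raise ValueError("iss mismatch: %r" % claims.get("iss"))
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("UserInfo response has expired")
    # The sub check is what defeats token substitution: a valid access token for
    # a different user yields a perfectly valid, signed response about that user.
    if claims.get("sub") != id_token_sub:
        raise ValueError("sub mismatch: UserInfo response MUST NOT be used")
    return claims


def userinfo_usable(userinfo_jws: str, id_token_sub: str, key: bytes = EXAMPLE_KEY,
                    now: float = 1485866500) -> bool:
    """True only if the response may be used for the user identified by id_token_sub."""
    try:
        validate_userinfo(userinfo_jws, id_token_sub, key, now=now)
        return True
    except ValueError:
        return False


# Constructed token, as the provider would return it for the example user.
EXAMPLE_USERINFO_JWS = sign_jws_hs256(EXAMPLE_CLAIMS, EXAMPLE_KEY)

if __name__ == "__main__":
    req = build_userinfo_request("https://<baseurl>", "constructed-access-token")
    print(req.get_method(), req.full_url, req.get_header("Authorization"))
    print(userinfo_usable(EXAMPLE_USERINFO_JWS, "9578-6000-4-127698"))  # True
    print(userinfo_usable(EXAMPLE_USERINFO_JWS, "9578-6000-4-000000"))  # False: substituted token
```

The order of checks matters: the signature is verified before any claim is read, the algorithm is pinned rather than taken from the token header, and the sub comparison is done against the sub from the already-validated ID Token, which is the only thing that ties the UserInfo response to the session that presented the access token.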
