Request: GET with Authorization header
Authentication: Default Bearer Access Token
Request parameters: None
Response elements: Signed JSON (JWS) according to standard
Example: See below

Userinfo is a standard endpoint associated with the Resource Server for the TINFO service. It is a Protected Endpoint and requires a Default Bearer Access Token contained in the Authorization header of the request. Userinfo provides additional claims about an authenticated user beyond the claims that are directly contained in the ID Token.

Due to the possibility of token substitution attacks, the UserInfo Response is not guaranteed to be about the enduser identified by the sub (subject) element of the ID Token. The sub Claim in the UserInfo Response must be verified to exactly match the sub Claim in the ID Token; if they do not match, the UserInfo Response values MUST NOT be used.

The response from Userinfo is signed and should be validated accordingly.
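
The two checks described above, in the order a client should apply them, as an added example (not code from this page or from BankID). Assumptions: HS256 with a constructed shared key stands in for the provider's signature algorithm so the example runs with the standard library only; the function names, the sample tokens and the issuer check are hypothetical additions.

```python
import base64, hashlib, hmac, json

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a compact JWS; used only to construct sample input."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def accept_userinfo(jws: str, id_token_sub: str, issuer: str, key: bytes) -> dict:
    """Return UserInfo claims only if signature, issuer and sub all check out."""
    try:
        header_b64, payload_b64, sig_b64 = jws.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed JWS") from exc
    # Pin the algorithm: never let the token header choose it (rejects "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))  # parse only after verifying
    if claims.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    # Token-substitution check: sub must match the ID Token's sub exactly.
    if claims.get("sub") != id_token_sub:
        raise ValueError("sub mismatch: UserInfo values MUST NOT be used")
    return claims

# Constructed sample data (not real tokens or keys).
KEY = b"constructed-demo-key"
ISSUER = "https://preprod.bankidapis.no"
GOOD = sign_hs256({"iss": ISSUER, "sub": "9578-6000-4-30799", "name": "Frode Beckmann Nilsen"}, KEY)
OTHER = sign_hs256({"iss": ISSUER, "sub": "0000-0000-0-00000", "name": "Someone Else"}, KEY)

def outcome(jws: str, id_token_sub: str) -> str:
    try:
        return accept_userinfo(jws, id_token_sub, ISSUER, KEY)["name"]
    except ValueError as exc:
        return f"rejected: {exc}"
```

A validly signed response for a different subject is still rejected, which is the case the token substitution warning is about.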


The following example shows a request / response pair for the Userinfo endpoint at the BankID pilot in pre-production. The example is generated from Postman (which is configured as a client at the OIDC Provider). The value for the access token in the authorization header (Authorization: Bearer 4497db915b5b479191c81a7854a2fa8) is taken from the corresponding example for the Token endpoint. 

GET /oidc/oauth/userinfo HTTP/1.1
cache-control: no-cache
Postman-Token: 928f68f1-a0fe-43d9-9019-ee7b4d7aaa43
Authorization: Bearer 4497db915b5b479191c81a7854a2fa8
User-Agent: PostmanRuntime/3.0.11-hotfix.2
Accept: */*
Host: preprod.bankidapis.no
Connection: close

HTTP/1.1 200 OK
Content-Type: application/json;charset=utf-8
Server: Microsoft-IIS/8.5
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Date: Thu, 25 May 2017 11:28:05 GMT
Connection: close
Content-Length: 253

{
    "birthdate": "1966-12-18",
    "exp": 1495714163,
    "family_name": "Nilsen",
    "given_name": "Frode Beckmann",
    "iat": 1495710576,
    "iss": "https://preprod.bankidapis.no",
    "name": "Frode Beckmann Nilsen",
    "preferred_username": "Frode Beckmann Nilsen",
    "sub": "9578-6000-4-30799"
}