Skip to content

Overview#

Userinfo endpoint is an OAuth2 protected endpoint that is used to retrieve claims about an authenticated end-user. Userinfo endpoint is defined in the OpenID Connect specification.

URL to access userinfo endpoint on Janssen Server is listed in the response of Janssen Server's well-known configuration endpoint given below.

https://janssen.server.host/jans-auth/.well-known/openid-configuration

userinfo_endpoint claim in the response specifies the URL for userinfo endpoint. By default, userinfo endpoint looks like below:

https://janssen.server.host/jans-auth/restv1/userinfo

In response to a valid request, the userinfo endpoint returns user information in JSON format similar to below:

  HTTP/1.1 200 OK
  Content-Type: application/json

  {
   "sub": "3482897610054",
   "jti": "sdu28g9c761g0y0g5",
   "client_id": "db6daf8c-ab1b-4010-9fb0",
   "name": "Chad Wick",
   "given_name": "Chad",
   "family_name": "Wick",
   "preferred_username": "c.wick",
   "email": "cwick@jans.com",
   "picture": "http://mysite.com/mypic.jpg"
  }

User Info response should contain: sub, jti and client_id claims.

Since userinfo endpoint is an OAuth2 protected resource, a valid access token with appropriate scope is required to access the endpoint. More information about request and response of the userinfo endpoint can be found in the OpenAPI specification of jans-auth-server module.

Disabling The Endpoint Using Feature Flag#

userinfo endpoint can be enabled or disable using USERINFO feature flag. Use Janssen Text-based UI(TUI) or Janssen command-line interface to perform this task.

When using TUI, navigate via Auth Server->Properties->enabledFeatureFlags to screen below. From here, enable or disable USERINFO flag as required.

Configuration Properties#

Userinfo endpoint can be further configured using Janssen Server configuration properties listed below. When using Janssen Text-based UI(TUI) to configure the properties, navigate via Auth Server->Properties.

Using Scopes To Control Claim Release#

Standard Scopes#

In context of OpenID Connect specification, claim information released by userinfo endpoint can be controlled using scopes. Janssen Server supports all standard scopes and releases corresponding claims as per OpenID Connect specification. Administrator can customise standard scopes and define claims to be linked to each standard scope.

When using Janssen Text-based UI(TUI) to configure the scopes, navigate via Auth Server->Scopes->Add Scopes->Scope Type as OpenID->search for a standard scope like address

Dynamic Scopes#

In addition to standard scopes, Janssen server allows defining custom scopes which can be associated to user-defined list of claims. This allows administrators to create custom groupings of claims.

When using Janssen Text-based UI(TUI), navigate via Auth Server->Scopes->Add Scopes->Scope Type as Dynamic

Interception Scripts#

Response from userinfo can be further customized using dynamic scope interception script.

Administrator can attach a dynamic scope script to a dynamic scope using Janssen Text-based UI(TUI). Navigate to Auth Server->Scopes->Add Scopes->Scope Type as Dynamic->Dynamic Scope Script

Want to contribute?#

If you have content you'd like to contribute to this page in the meantime, you can get started with our Contribution guide.


Last update: 2024-09-27
Created: 2022-07-21