
REST API Solution Guide

OIDC Userinfo (/oauth/userinfo/)

URL: https://[server_name]/api/v1/oauth/userinfo/

The UserInfo endpoint is supplied as part of the OIDC service, and is used to retrieve more information about the user than was supplied in the ID token when the user logged in to the OIDC client.

Allowed methods

HTTP method    Resource URI               Action
GET            /api/v1/oauth/userinfo/    Verifies the specified token and returns claims.

Note: The access token must be placed in the Authorization header of the request in this format: 'Authorization: Bearer [ACCESS_TOKEN]'

Response codes

Code                Response content                     Description
200 OK              Claims are returned upon success.    Token was successfully verified.
401 Unauthorized                                         The access token provided is expired, revoked, malformed, or invalid for other reasons.

Example

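# -k disables TLS certificate verification; drop it once the server certificate is trusted,
# because the bearer token is sent in this request.
curl -k -v -X GET \
https://[FAC_IP]/api/v1/oauth/userinfo/ \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer Ua3tkmlDtePw7EQIXb1a2oGNkw4Li'

Response:
{
    "sub": "2",
    "email": "test@test.com",
    "username": "test",
    "groups": "SW,HW"
}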
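
The following client-side handling is an added example, not code from the Fortinet guide. It calls the endpoint with certificate verification on, treats 401 as a rejected token, and checks that the returned "sub" equals the "sub" of the ID token, as OpenID Connect Core requires. The names parse_userinfo, fetch_userinfo and UserInfoError are hypothetical, and "groups" is assumed to be a comma-separated string as in the sample response above.

```python
import json
import ssl
import urllib.error
import urllib.request


class UserInfoError(Exception):
    """Raised when the UserInfo response must not be trusted."""


def parse_userinfo(status, body, id_token_sub):
    """Validate a UserInfo response and return normalized claims."""
    if status == 401:
        # Token expired, revoked, malformed or otherwise invalid: re-authenticate.
        raise UserInfoError("access token rejected (401)")
    if status != 200:
        raise UserInfoError(f"unexpected status {status}")
    claims = json.loads(body)
    # OIDC Core 5.3.2: the UserInfo sub must exactly match the ID token's sub.
    if claims.get("sub") != id_token_sub:
        raise UserInfoError("sub mismatch between ID token and UserInfo")
    # Assumption: groups arrive as one comma-separated string, as in the sample.
    raw = claims.get("groups") or ""
    return {**claims, "groups": [g.strip() for g in raw.split(",") if g.strip()]}


def fetch_userinfo(server, access_token, id_token_sub, ca_file=None):
    """GET /api/v1/oauth/userinfo/ with TLS verification enabled (no curl -k)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    req = urllib.request.Request(
        f"https://{server}/api/v1/oauth/userinfo/",
        headers={"Authorization": f"Bearer {access_token}"},
    )
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            return parse_userinfo(resp.status, resp.read(), id_token_sub)
    except urllib.error.HTTPError as err:
        # urllib raises on 4xx/5xx; route the status through the same checks.
        return parse_userinfo(err.code, err.read(), id_token_sub)


# Constructed sample mirroring the response shown on this page.
SAMPLE_BODY = (b'{"sub": "2", "email": "test@test.com", '
               b'"username": "test", "groups": "SW,HW"}')
```

Pass ca_file when the server uses a private CA, so verification stays on instead of being disabled.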
