Get user info
GET /users-srv/userinfo
This OIDC-standard API returns user information for the access token presented in the request header (Authorization: Bearer). The data returned depends on the scopes granted to the token (from the authorization endpoint) and on the claims the user has accepted.
Scopes and Field Visibility
The fields returned in the response are controlled by the scopes requested during authorization. Each scope maps to specific user fields:
| Scope | Returns |
|---|---|
| openid | Basic user identifier (sub) |
| profile | Profile fields: given_name, family_name, name, picture, birthdate, locale, preferred_username |
| email | Email-related fields: email, email_verified |
| phone | Phone-related fields: mobile_number, mobile_number_verified |
| address | Address information |
| identities | All linked identities (social providers, etc.) |
| groups | User groups with roles and metadata |
| roles | User roles (default roles from CIDAAS_USERS group) |
| consents | Accepted consents |
Important: Only fields that are:
- Mapped to the requested scopes in Field Settings
- Enabled in Field Settings
- Not marked as Internal in Field Settings
will be included in the response.
Field Settings Impact
Field settings configured in Field Settings control field visibility and behavior:
- Enabled: Field must be enabled to be included in the response. Disabled fields are never returned.
- Internal: Fields marked as internal are never returned in userinfo responses, even if the corresponding scope is requested. Internal fields are only accessible to administrators via admin APIs.
- ReadOnly: ReadOnly fields are returned in the response (if scope is requested and field is enabled), but users cannot modify them via self-service update APIs. Admins can still update readonly fields.
Example: If a field is configured with enabled=true, internal=true, and mapped to scope profile, it will not be returned in the userinfo response, regardless of whether the profile scope is requested.
For more information, see Field Settings and Scope Management.
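The scope mapping above and the three Field Settings checks (enabled, internal, readonly) together decide what userinfo returns. The following is an added example, not cidaas code: it simulates that filtering over a constructed user record and constructed field settings. The setting keys (`scope`, `enabled`, `internal`, `readonly`) and the field `risk_score` are assumptions modelled on the page's description, not the real Field Settings schema, and the helper also shows the readonly rule for self-service updates.

```python
"""Simulation of userinfo field filtering by scope and field settings.

Added example, not cidaas's own code. The field-setting keys below
(scope, enabled, internal, readonly) are assumed names that mirror the
page's description of Field Settings, not the real configuration schema.
"""
from typing import Any, Dict, Iterable, List

# Constructed field settings: field name -> its scope mapping and flags.
FIELD_SETTINGS: Dict[str, Dict[str, Any]] = {
    "sub":            {"scope": "openid",  "enabled": True,  "internal": False, "readonly": True},
    "given_name":     {"scope": "profile", "enabled": True,  "internal": False, "readonly": False},
    "family_name":    {"scope": "profile", "enabled": True,  "internal": False, "readonly": False},
    "email":          {"scope": "email",   "enabled": True,  "internal": False, "readonly": False},
    "email_verified": {"scope": "email",   "enabled": True,  "internal": False, "readonly": True},
    # Disabled field: never returned even when the phone scope is requested.
    "mobile_number":  {"scope": "phone",   "enabled": False, "internal": False, "readonly": False},
    # Hypothetical internal field mapped to profile: enabled=true, internal=true,
    # so it must never appear in a userinfo response (the page's own example).
    "risk_score":     {"scope": "profile", "enabled": True,  "internal": True,  "readonly": True},
}

# Constructed user record as stored server-side, a superset of what userinfo may expose.
USER_RECORD: Dict[str, Any] = {
    "sub": "user-123",
    "given_name": "Ada",
    "family_name": "Lovelace",
    "email": "ada@example.invalid",
    "email_verified": True,
    "mobile_number": "+00 000 0000",
    "risk_score": 42,
}


def visible_fields(token_scopes: Iterable[str],
                   settings: Dict[str, Dict[str, Any]] = FIELD_SETTINGS) -> List[str]:
    """Fields that pass all three checks: mapped to a requested scope, enabled, not internal."""
    requested = set(token_scopes)
    return [
        name for name, cfg in settings.items()
        if cfg["scope"] in requested and cfg["enabled"] and not cfg["internal"]
    ]


def userinfo_response(user: Dict[str, Any], token_scopes: Iterable[str],
                      settings: Dict[str, Dict[str, Any]] = FIELD_SETTINGS) -> Dict[str, Any]:
    """Build the userinfo body: only visible fields, only those present on the record."""
    return {name: user[name] for name in visible_fields(token_scopes, settings) if name in user}


def self_service_update(user: Dict[str, Any], changes: Dict[str, Any],
                        settings: Dict[str, Dict[str, Any]] = FIELD_SETTINGS,
                        is_admin: bool = False) -> Dict[str, Any]:
    """Apply an update; readonly fields are rejected unless the caller is an admin."""
    if not is_admin:
        rejected = sorted(f for f in changes if settings.get(f, {}).get("readonly"))
        if rejected:
            raise PermissionError(f"readonly fields cannot be updated via self-service: {rejected}")
    updated = dict(user)
    updated.update(changes)
    return updated


if __name__ == "__main__":
    # openid+profile: sub and the two profile fields; risk_score is dropped as internal.
    print(userinfo_response(USER_RECORD, ["openid", "profile"]))
    # openid+phone: only sub, because mobile_number is disabled in field settings.
    print(userinfo_response(USER_RECORD, ["openid", "phone"]))
```

Running the module prints the two filtered bodies; the test below pins the behaviour for each rule (scope not requested, field disabled, field internal, readonly on self-service update).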
Request
Responses
- 200: The response is defined by the OIDC standard and contains a user entity; the fields returned depend on the scopes requested in the token.
- 400: Bad Request
- 401: Unauthorized
- 417: Expectation Failed