User info
The user info endpoint is used to retrieve user attributes. Clients use the access_token
from the token response as a bearer token in the HTTP Authorization header. To request attributes, send an HTTP GET request to the /api/openid_connect/userinfo
endpoint. View an example request and response in the side panel.
User info response
The user info response will be a JSON object containing user attributes. Login.gov supports some of the standard claims from OIDC 1.0. In addition to the user attributes, the following information will also be present:
iss (string)
The issuer of the response, which will be the URL of the Login.gov IdP, for example: https://idp.int.identitysandbox.gov
email_verified (boolean)
Whether the email has been verified. Currently, Login.gov only supports verified emails.
- Requires
email
scope
phone_verified (boolean)
Whether the phone number has been verified. Currently, Login.gov only supports verified phones.
- Requires the
phone
scope and an identity verified account
verified_at (number, null)
When the user's identity was last verified, as an integer timestamp representing the number of seconds since the Unix Epoch, or null
if the account has never been verified.
- Requires the
profile:verified_at
scope
GET https://idp.int.identitysandbox.gov/api/openid_connect/userinfo
Authorization: Bearer hhJES3wcgjI55jzjBvZpNQ
{
"address": {
"formatted": "123 Main St Apt 123\nWashington, DC 20001",
"street_address": "123 Main St Apt 123",
"locality": "Washington",
"region": "DC",
"postal_code": "20001"
},
"birthdate": "1970-01-01",
"email": "test@example.com",
"email_verified": true,
"all_emails": ["test@example.com", "test2@example.com"],
"locale": "en",
"family_name": "Smith",
"given_name": "John",
"iss": "https://idp.int.identitysandbox.gov",
"phone": "+18881112222",
"phone_verified": true,
"social_security_number": "111223333",
"sub": "b2d2d115-1d7e-4579-b9d6-f8e84f4f56ca",
"verified_at": 1577854800
}