Skip to main content
U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock ( Https ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

OpenID Connect

OpenID Connect (OIDC) is a simple identity layer built on top of the OAuth 2.0 protocol. Login.gov supports version 1.0 of the specification and conforms to the iGov Profile.

User info

The user info endpoint is used to retrieve user attributes. Clients use the access_token from the token response as a bearer token in the HTTP Authorization header. To request attributes, send an HTTP GET request to the /api/openid_connect/userinfo endpoint. View an example request and response in the side panel.

User info response

The user info response will be a JSON object containing user attributes. Login.gov supports some of the standard claims from OIDC 1.0. In addition to the user attributes, the following information will also be present:

iss (string)

The issuer of the response, which will be the URL of the Login.gov IdP, for example: https://idp.int.identitysandbox.gov

email_verified (boolean)

Whether the email has been verified. Currently, Login.gov only supports verified emails.
  • Requires email scope

phone_verified (boolean)

Whether the phone number has been verified. Currently, Login.gov only supports verified phones.
  • Requires the phone scope and an identity verified account

verified_at (number, null)

When the user's identity was last verified, as an integer timestamp representing the number of seconds since the Unix Epoch, or null if the account has never been verified.
  • Requires the profile:verified_at scope
Next step: Certificates 
GET https://idp.int.identitysandbox.gov/api/openid_connect/userinfo
Authorization: Bearer hhJES3wcgjI55jzjBvZpNQ
Next step: Certificates
Edit this page
Return to top