UserInfo request

Consented claims about the authenticated user, such as name and email address, are retrieved from the UserInfo endpoint of the OpenID provider.

The claims are retrieved with a simple HTTP GET request which includes the previously obtained bearer access token in the Authorization header.

Example (requires SDK v5.44+):


import java.net.*;
import com.nimbusds.oauth2.sdk.http.*;
import com.nimbusds.oauth2.sdk.token.*;
import com.nimbusds.openid.connect.sdk.*;
import com.nimbusds.openid.connect.sdk.claims.*;

URI userInfoEndpoint;    // The UserInfo endpoint of the OpenID provider
BearerAccessToken token; // The access token

// Make the request; the token is sent in the Authorization header
HTTPResponse httpResponse = new UserInfoRequest(userInfoEndpoint, token)
    .toHTTPRequest()
    .send();

// Parse the response
UserInfoResponse userInfoResponse = UserInfoResponse.parse(httpResponse);

if (! userInfoResponse.indicatesSuccess()) {
    // The request failed, e.g. due to invalid or expired token
    System.out.println(userInfoResponse.toErrorResponse().getErrorObject().getCode());
    System.out.println(userInfoResponse.toErrorResponse().getErrorObject().getDescription());
    return;
}

// Extract the claims
UserInfo userInfo = userInfoResponse.toSuccessResponse().getUserInfo();
System.out.println("Subject: " + userInfo.getSubject());
System.out.println("Email: " + userInfo.getEmailAddress());
System.out.println("Name: " + userInfo.getName());