UserInfo request

Consented claims about the authenticated user, such as name and email address, are retrieved from the UserInfo endpoint of the OpenID provider.

The claims are retrieved with a simple HTTP GET request which includes the previously obtained bearer access token in the Authorization header.

Example (requires SDK v5.44+):

import java.net.*;

import com.nimbusds.oauth2.sdk.http.*;
import com.nimbusds.oauth2.sdk.token.*;
import com.nimbusds.openid.connect.sdk.*;
import com.nimbusds.openid.connect.sdk.claims.*;


URI userInfoEndpoint;    // The UserInfo endpoint of the OpenID provider
BearerAccessToken token; // The access token

// Make the request
HTTPResponse httpResponse = new UserInfoRequest(userInfoEndpoint, token)
    .toHTTPRequest()
    .send();

// Parse the response
UserInfoResponse userInfoResponse = UserInfoResponse.parse(httpResponse);

if (! userInfoResponse.indicatesSuccess()) {
    // The request failed, e.g. due to invalid or expired token
    System.out.println(userInfoResponse.toErrorResponse().getErrorObject().getCode());
    System.out.println(userInfoResponse.toErrorResponse().getErrorObject().getDescription());
    return;
}

// Extract the claims
UserInfo userInfo = userInfoResponse.toSuccessResponse().getUserInfo();
System.out.println("Subject: " + userInfo.getSubject());
System.out.println("Email: " + userInfo.getEmailAddress());
System.out.println("Name: " + userInfo.getName());