UserInfo Endpoint
Protected resource that returns claims about the authenticated End-User (OIDC Core §5.3). Access requires a valid access token with 'openid' scope. Returns claims based on granted scopes (profile, email, address, phone).
UserInfo Endpoint
Protected resource that returns claims about the authenticated End-User (OIDC Core §5.3). Access requires a valid access token with 'openid' scope. Returns claims based on granted scopes (profile, email, address, phone).
ID Token
Sequence Diagram
Click any step for details
Request
Response
Redirect
Internal
Step-by-Step Breakdown
1
UserInfo Request
Client → OpenID Provider
2
Token Validation & User Lookup
OpenID Provider → OpenID Provider
3
UserInfo Response
OpenID Provider → Client
Token Inspector
Specs for this flow
Sections of the protocol that normatively define this flow, plus the security considerations that apply to it.