OpenID UserInfo endpoint

class oauthlib.openid.connect.core.endpoints.userinfo.UserInfoEndpoint(request_validator)[source]

Authorizes access to userinfo resource.

create_userinfo_response(uri, http_method='GET', body=None, headers=None)[source]

Validate BearerToken and return userinfo from RequestValidator

The UserInfo Endpoint MUST return a content-type header to indicate which format is being returned. The content-type of the HTTP response MUST be application/json if the response body is a text JSON object; the response body SHOULD be encoded using UTF-8.

validate_userinfo_request(request)[source]

Ensure the request is valid.

5.3.1. UserInfo Request The Client sends the UserInfo Request using either HTTP GET or HTTP POST. The Access Token obtained from an OpenID Connect Authentication Request MUST be sent as a Bearer Token, per Section 2 of OAuth 2.0 Bearer Token Usage [RFC6750].

It is RECOMMENDED that the request use the HTTP GET method and the Access Token be sent using the Authorization header field.

The following is a non-normative example of a UserInfo Request:

GET /userinfo HTTP/1.1 Host: server.example.com Authorization: Bearer SlAV32hkKG

5.3.3. UserInfo Error Response When an error condition occurs, the UserInfo Endpoint returns an Error Response as defined in Section 3 of OAuth 2.0 Bearer Token Usage [RFC6750]. (HTTP errors unrelated to RFC 6750 are returned to the User Agent using the appropriate HTTP status code.)

The following is a non-normative example of a UserInfo Error Response:

HTTP/1.1 401 Unauthorized WWW-Authenticate: Bearer error=”invalid_token”,

error_description=”The Access Token expired”