Get User Info
This endpoint returns a JWT with claims. The access token should be sent using the Authorization header.
The VMware Identity Services tenant ID
my-tenantAn ID token was successfully returned.
{
"signature": "string",
"name": "string",
"locale": "en_US",
"nonce": "string",
"email": "string",
"expired": false,
"jwsHeader": {
"typ": "string",
"alg": "string",
"kid": "string",
"jku": "string",
"jwk": "string",
"x5u": "string",
"x5t": "string",
"x5c": "string"
},
"subject": "exampleuser@TENANT",
"aud": [
"MyOAuth2Client@e9d80cec-4e12-4970-828d-ae4557e33174"
],
"auth_time": 1539988834,
"acr": "string",
"azp": "MyOAuth2Client@e9d80cec-4e12-4970-828d-ae4557e33174",
"at_hash": "string",
"c_hash": "string",
"email_verified": false,
"phone_number": "string",
"updated_at": 1539988834,
"group_ids": [
"string"
],
"group_names": [
"string"
],
"exp": 1539988834,
"iat": 1539988834,
"given_name": "string",
"family_name": "string",
"sub": "exampleuser@TENANT",
"iss": "\"https://acme.vmwareidentity.com/acs\""
}signature
The end-user's full name in displayable form
The locale of the end-user
String value used to associate a Client session with an ID Token. The value is passed through unmodified from the Authentication Request to the ID Token.
customClaims
The end-user's preferred e-mail address
expired
This is the same as the subject identifier. It is maintained to provide backward compatibility with SAAS.
The audience(s) that this ID Token is intended. The audience value is the OAuth 2.0 client_id of the Relying Party.
The time when the end-user authentication occurred. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
The authentication context used to authenticate the user
Authorized party - the party to which the ID Token was issued. Contains the OAuth 2.0 Client ID of this party.
The access token hash value. Base64url encoded value.
The hash of the access code. Base 64 URL encoded value. Returned when the ID Token is issued from the Authorization Endpoint with a "code" or "code id_token", or "code id_token token" as the response type.
The verified e-mail address of the end-user
The end-user's preferred telephone number
The time the end-user's information was last updated. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
The IDs of all groups the user belongs to
The names of all groups the user belongs to
The expiration time on or after which the ID Token MUST NOT be accepted for processing. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
The time at which the JWT was issued. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
The given name(s) or first name(s) of the end-user
The surname(s) or last name(s) of the end-user
The subject identifier of the subject for whom the ID Token is issued.
The identifier for the authority that issued the token
Invalid access token. The error description will contain 'error' and 'error_description' fields. See the OAuth2.0 spec for further details.