Get User Info Post

Get User Info Post

This endpoint returns a JWT with claims. The Access Token should be sent using the Authorization header field.

Request
URI
POST
https://{api_host}//acs/t/{tenant}/userinfo
COPY
Path Parameters
string
tenant
Required

The VMware Identity Services tenant ID

tenant example
my-tenant

Authentication
This operation uses the following authentication methods.
Responses
200

An ID token was successfully returned.

Returns IdToken of type(s) application/json
{
    "signature": "string",
    "name": "string",
    "locale": "en_US",
    "nonce": "string",
    "email": "string",
    "expired": false,
    "jwsHeader": {
        "typ": "string",
        "alg": "string",
        "kid": "string",
        "jku": "string",
        "jwk": "string",
        "x5u": "string",
        "x5t": "string",
        "x5c": "string"
    },
    "subject": "exampleuser@TENANT",
    "aud": [
        "MyOAuth2Client@e9d80cec-4e12-4970-828d-ae4557e33174"
    ],
    "auth_time": 1539988834,
    "acr": "string",
    "azp": "MyOAuth2Client@e9d80cec-4e12-4970-828d-ae4557e33174",
    "at_hash": "string",
    "c_hash": "string",
    "email_verified": false,
    "phone_number": "string",
    "updated_at": 1539988834,
    "group_ids": [
        "string"
    ],
    "group_names": [
        "string"
    ],
    "exp": 1539988834,
    "iat": 1539988834,
    "given_name": "string",
    "family_name": "string",
    "sub": "exampleuser@TENANT",
    "iss": "\"https://acme.vmwareidentity.com/acs\""
}
string
signature
Optional

signature

string
name
Optional

The end-user's full name in displayable form

string
locale
Optional

The locale of the end-user

string
nonce
Optional

String value used to associate a Client session with an ID Token. The value is passed through unmodified from the Authentication Request to the ID Token.

object
customClaims
Optional

customClaims

string
email
Optional

The end-user's preferred e-mail address

boolean
expired
Optional

expired

jwsHeader
Optional

jwsHeader

string
subject
Required

This is the same as the subject identifier. It is maintained to provide backward compatibility with SAAS.

array of string
aud
Optional

The audience(s) that this ID Token is intended. The audience value is the OAuth 2.0 client_id of the Relying Party.

integer As int64 As int64
auth_time
Optional

The time when the end-user authentication occurred. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.

string
acr
Optional

The authentication context used to authenticate the user

string
azp
Optional

Authorized party - the party to which the ID Token was issued. Contains the OAuth 2.0 Client ID of this party.

string
at_hash
Optional

The access token hash value. Base64url encoded value.

string
c_hash
Optional

The hash of the access code. Base 64 URL encoded value. Returned when the ID Token is issued from the Authorization Endpoint with a "code" or "code id_token", or "code id_token token" as the response type.

boolean
email_verified
Optional

The verified e-mail address of the end-user

string
phone_number
Optional

The end-user's preferred telephone number

integer As int64 As int64
updated_at
Optional

The time the end-user's information was last updated. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.

array of string
group_ids
Optional

The IDs of all groups the user belongs to

array of string
group_names
Optional

The names of all groups the user belongs to

integer As int64 As int64
exp
Optional

The expiration time on or after which the ID Token MUST NOT be accepted for processing. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.

integer As int64 As int64
iat
Optional

The time at which the JWT was issued. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.

string
given_name
Optional

The given name(s) or first name(s) of the end-user

string
family_name
Optional

The surname(s) or last name(s) of the end-user

string
sub
Required

The subject identifier of the subject for whom the ID Token is issued.

string
iss
Optional

The identifier for the authority that issued the token


401

Invalid access token. The error description will contain 'error' and 'error_description' fields. See the OAuth2.0 spec for further details.

Operation doesn't return any data structure