Agile.Now implements OpenID Connect, providing a userinfo endpoint that returns claims about the authenticated user. This endpoint is particularly useful for developers looking to obtain user profile details after authentication.
User Info Endpoint:
To retrieve user profile information, send a GET request to:
GET https://<server-url>/oauth/rest/v2/default/me/userinfo
Remember to replace <server-url> with the actual URL of your Agile.Now server.
Supported Scopes:
The userinfo endpoint supports various scopes that align with the data you wish to retrieve. These scopes include:
profileemailphonerolesidentifier
Include these scopes in your authorization request to ensure the userinfo response contains the desired claims.
User Info Response:
Upon a successful request to the userinfo endpoint, the response includes a JSON object with the user's claims, structured as follows:
| Claim | Type | Example | Description |
|---|---|---|---|
| sub | String | "248289761001" | The user's unique identifier. |
| tid | String | "030e525a-4886-4ecd-8ca7-6f52ea000015" | Tenant Identifier—identifies the specific tenant (organization) associated with the user. |
| preferred_username | String | "john.doe" | Shorthand name by which the user wishes to be referred to. |
| name | String | "John Doe" | The user's full name. |
| given_name | String | "John" | The user's first name. |
| family_name | String | "Doe" | The user's last name. |
| String | "john.doe@example.com" | The user's email address. | |
| email_verified | Boolean | true | Indicates whether the user's email has been verified. |
| phone_number | String | "+1234567890" | The user's phone number. |
| phone_number_verified | Boolean | true | Indicates whether the user's phone number has been verified. |
| identifier | String | "xxxxxx-xxxx" | The user's identifier (e.g., SSN.) |
| identifier_verified | Boolean | true | Indicates whether the user's identifier (e.g., SSN) has been verified |
| profile | String | "https://example.com/johndoe" | The URL to the user's profile page. |
| locale | String | "en-US" | The user's locale, representing their preferred language and regional settings. |
| roles | Array | ["customer","user"] | Roles assigned to the user. |
Email and Phone Verification
The userinfo response includes email_verified and phone_number_verified claims to indicate whether the user's email and phone number have been validated by the identity provider.
email_verified: A boolean value that shows whether the email address is verified. (trueif verified,falseotherwise)phone_number_verified: A boolean value that shows whether the phone number is verified. (trueif verified,falseotherwise)
Example JSON Response from userinfo:
{
"sub": "248289761001",
"name": "John Doe",
"given_name": "John",
"family_name": "Doe",
"email": "john.doe@example.com",
"email_verified": true,
"phone_number": "+1234567890",
"phone_number_verified": true,
"locale": "en-US",
"profile": "https://example.com/johndoe"
}
Handling Bearer Token Errors:
To access the userinfo endpoint, include a Bearer token in the Authorization header. If the token is invalid, you'll receive an error response.
Error Response Example:
{
"error":"Unauthorized",
"error_description":"The session ID or OAuth token used has expired or is invalid.",
"Errors": [
"The session ID or OAuth token used has expired or is invalid."
],
"Type": "/Errors/Unauthorized",
"Title": "Unauthorized",
"StatusCode": 401,
"Instance": "/oauth/rest/v2/me/userinfo"
}
Error Handling Tips:
- Always pass a valid
Bearertoken in the Authorization header. - Implement token refresh logic in your application to handle expired tokens.
- Use secure HTTPS connections to prevent token interception and leakage.
Best Practices for Developers:
- Ensure scopes requested during the authorization process match those needed for
userinforetrieval. - Store and manage
Bearertokens securely within your application. - Handle user data obtained from
userinfowith care, respecting privacy and data protection laws.
By integrating the userinfo endpoint into your application, you can provide a more personalized user experience, leveraging the rich set of user claims available through Agile.Now.