See openid-connect Menu

Get User Info


Deprecation Notice

There is a more recent version of this OpenId Connect API available. Learn more.

This endpoint will be removed from service on April 20th 2021.

Use this API to get the user information related to a given access_token.

Note that the user info return by this call is determined by the scopes that were used to generate the access_token

Resource URL

https://<region>.onelogin.com/oidc/me

Header Parameter

Authorization

required

string

Set to Bearer <access_token>.

The access_token is returned when you create a new session via Authorization Code or Password Grant

Resource Parameter

region

required

integer

Set to the region of your OneLogin instance.

  • openid-connect
  • openid-connect-eu
e.g. If your OneLogin instance is located in Europe then use https://openid-connect-eu.onelogin.com/oidc

Sample Response

The openid profile & email scopes were supplied in initial authorization

{
    "sub": "32916209",
    "email": "peggy.sue@onelogin.com",
    "preferred_username": "peggy.sue",
    "name": "Peggy Sue",
    "updated_at": "2017-11-10T06:36:34.456Z",
    "given_name": "Peggy",
    "family_name": "Sue",
    "groups": [
      "Admin Role",
      "User Role",
      "Custom Roll"
    ]
}

No scopes were supplied in initial authorization

{}

Authorization header is missing

{
    "error": "invalid_request",
    "error_description": "no bearer token provided"
}

Authorization header value needs to be “Bearer access_token

{
    "error": "invalid_request",
    "error_description": "invalid authorization header value format"
}
{
    "error": "invalid_token",
    "error_description": "invalid token provided"
}

Response Elements

sub The OneLogin ID for the user that started the session
email The email address of the user
preferred_username The username for the user. Not always an email address.
name The full name of the user
updated_at The date the users profile was last updated.
given_name The first name of the user
family_name The last name of the user
groups If the groups scope was supplied during authentication and the Groups parameter has been mapped on your OpenId Connect app in OneLogin then the groups claim will be returned.

Sample Code

cURL

Replace sample values indicated by < > with your actual values.

curl -XGET "https://<region>.onelogin.com/oidc/me" \
-H "Authorization: Bearer <access_token>"

Postman Collection

Run In Postman

    Clicking Run in Postman button navigates to the page where you can fork the collection to your workspace. Forking the collection into your workspace will enable you to contribute to the source collection using pull requests. You can also view the collection in a public workspace if you like and even import a copy of the collection using the links present on the screen.

Have a Question?

Found a problem or a bug? Submit a support ticket.

Looking for walkthroughs or how-to guides on OneLogin's user and admin features? Check out the documentation in our Knowledge Base.

Have a product idea or request? Share it with us in our Ideas Portal.