See openid-connect Menu
  1. Home >
  2. OpenId Connect >
  3. API Reference - v1.0 >
  4. Get User Info

Get User Info

Upgrade Available

There is a more recent version of this OpenId Connect API available. Learn more.

Use this API to get the user information related to a given access_token.

Note that the user info return by this call is determined by the scopes that were used to generate the access_token

Resource URL

https://<region>.onelogin.com/oidc/me

Header Parameter

Authorization

required

string

Set to Bearer <access_token>.

The access_token is returned when you create a new session via Authorization Code or Password Grant

Resource Parameter

region

required

integer

Set to the region of your OneLogin instance.

  • openid-connect
  • openid-connect-eu
e.g. If your OneLogin instance is located in Europe then use https://openid-connect-eu.onelogin.com/oidc

Sample Response

  • 200 OK
  • 400 Bad Request
  • 401 Unauthorized

The openid profile & email scopes were supplied in initial authorization

{
    "sub": "32916209",
    "email": "peggy.sue@onelogin.com",
    "preferred_username": "peggy.sue",
    "name": "Peggy Sue",
    "updated_at": "2017-11-10T06:36:34.456Z",
    "given_name": "Peggy",
    "family_name": "Sue",
    "groups": [
      "Admin Role",
      "User Role",
      "Custom Roll"
    ]
}

No scopes were supplied in initial authorization

{}

Authorization header is missing

{
    "error": "invalid_request",
    "error_description": "no bearer token provided"
}

Authorization header value needs to be “Bearer access_token

{
    "error": "invalid_request",
    "error_description": "invalid authorization header value format"
}
{
    "error": "invalid_token",
    "error_description": "invalid token provided"
}

Response Elements

sub The OneLogin ID for the user that started the session
email The email address of the user
preferred_username The username for the user. Not always an email address.
name The full name of the user
updated_at The date the users profile was last updated.
given_name The first name of the user
family_name The last name of the user
groups If the groups scope was supplied during authentication and the Groups parameter has been mapped on your OpenId Connect app in OneLogin then the groups claim will be returned.

Sample Code

cURL

Replace sample values indicated by < > with your actual values.

curl -XGET "https://<region>.onelogin.com/oidc/me" \
-H "Authorization: Bearer <access_token>"

Have a Question?

Have a how-to question? Seeing a weird error? Ask us about it on StackOverflow.

Found a bug? Submit a support ticket.

Have a product idea or request? Share it with us in our Ideas Portal.

StackOverflow discussions about "[onelogin] openid connect"

  • 5
    Votes
    1
    Answers

    Q: How to use onelogin SSO with AngularJS?

    Asked Jun 20 2016

    questions: 1> Onelogin is using SAML instead of OpenID Connect. I am not asking what's the difference between these two, but what is recommended since everyone is moving towards OpenID Connect? 2> Does Onelogin supports AngularJS? I don't see any documentation for onelogin API with AngularJS & Node See Here … I was looking into Onelogin for SSO. We have applications written in .NET, AngularJS + Node. None of these applications are mobile applications. After going through their documentation I have few …

    samlonelogin
  • 4
    Votes

    A: SAML for Native Mobile Apps(Android and IOS)

    Answered Apr 02 2018

    session you've established with an SSO provider) between native apps that also support SAML the same way. https://spin.atomicobject.com/2016/09/01/sharing-web-data-wkwebview/ Basically, if you do this, you'll also be supporting SSO on mobile via SAML (or OpenID Connect, if you go that route) …

    androidiossaml-2.0onelogin
  • 3
    Votes

    A: Does OneLogin support client session management via OIDC?

    Answered Nov 16 2018

    https://openid.net/specs/openid-connect-session-1_0.html: 2.1. OpenID Provider Discovery Metadata These OpenID Provider Metadata parameters MUST be included in the Server's discovery … responses when Session Management and Discovery are supported: check_session_iframe ... end_session_endpoint ... I don't see these metadata parameters in the OneLogin discovery metadata, so it looks like Session Management is not supported. …

    javascriptangularopenidoneloginopenid-connect
  • 2
    Votes

    A: How to Validate an Access Token for OAuth2 + PCKE flow

    Answered Apr 25 2019

    returned from the auth code flow https://developers.onelogin.com/openid-connect/api/authorization-code-grant worked, and the access_token only returned {"active":false} after it expired. Make sure you are not setting the Authorization header, and only set your client_id in the payload. … I'm using OIDC with PKCE, and I managed to call the https://openid-connect.onelogin.com/oidc/token/introspection endpoint with a token retrieved via the authorization code flow: $ curl -i -d "token …

    apisessionlogintokenonelogin
  • 1
    Votes

    A: XMLHttpRequest has been blocked by CORS policy - https://openid-connect-eu.onelogin.com/oidc/token

    Answered May 23 2019

    , which is documented here: https://developers.onelogin.com/openid-connect/api/id-token OneLogin also has sample code for this: https://github.com/onelogin/onelogin-oidc-node/tree/master/2.%20Implicit%20Flow … Javascript prevents POST calls to other domains at the browser level unless they are expressly permitted by the service (and OneLogin doesn't permit this, for security reasons) I'll add that doing …

    javascripttypescriptcorsonelogin

Loading...