Get User Info
Deprecation Notice
There is a more recent version of this OpenId Connect API available. Learn more.
This endpoint will be removed from service on April 20th 2021.
Use this API to get the user information related to a given access_token.
Note that the user info return by this call is determined by the scopes
that were used to generate the access_token
Resource URL
https://<region>.onelogin.com/oidc/meHeader Parameter
Authorization required string | Set to The |
Resource Parameter
region required integer |
Set to the
https://openid-connect-eu.onelogin.com/oidc
|
Sample Response
- 200 OK
- 400 Bad Request
- 401 Unauthorized
The openid profile & email scopes were supplied in initial authorization
{
"sub": "32916209",
"email": "peggy.sue@onelogin.com",
"preferred_username": "peggy.sue",
"name": "Peggy Sue",
"updated_at": "2017-11-10T06:36:34.456Z",
"given_name": "Peggy",
"family_name": "Sue",
"groups": [
"Admin Role",
"User Role",
"Custom Roll"
]
}No scopes were supplied in initial authorization
{}Authorization header is missing
{
"error": "invalid_request",
"error_description": "no bearer token provided"
}Authorization header value needs to be “Bearer access_token”
{
"error": "invalid_request",
"error_description": "invalid authorization header value format"
}{
"error": "invalid_token",
"error_description": "invalid token provided"
}Response Elements
sub |
The OneLogin ID for the user that started the session |
email |
The email address of the user |
preferred_username |
The username for the user. Not always an email address. |
name |
The full name of the user |
updated_at |
The date the users profile was last updated. |
given_name |
The first name of the user |
family_name |
The last name of the user |
groups |
If the groups scope was supplied during authentication and the Groups parameter has been mapped on your OpenId Connect app in OneLogin then the groups claim will be returned. |
Sample Code
cURL
Replace sample values indicated by < > with your actual values.
curl -XGET "https://<region>.onelogin.com/oidc/me" \
-H "Authorization: Bearer <access_token>"
Postman Collection
Replace sample variables indicated by {{ }} with your actual values.
Download for the OpenId Connect API
Have a Question?
Have a how-to question? Seeing a weird error? Ask us about it on StackOverflow.
Found a bug? Submit a support ticket.
Have a product idea or request? Share it with us in our Ideas Portal.
StackOverflow discussions about "[onelogin] openid connect"
-
A: SAML for Native Mobile Apps(Android and IOS)
Answered Apr 02 2018https://spin.atomicobject.com/2016/09/01/sharing-web-data-wkwebview/ Basically, if you do this, you'll also be supporting SSO on mobile via SAML (or OpenID Connect, if you go that route) …
-
Q: How to use onelogin SSO with AngularJS?
Asked Jun 20 2016After going through their documentation I have few questions: 1> Onelogin is using SAML instead of OpenID Connect. … I am not asking what's the difference between these two, but what is recommended since everyone is moving towards OpenID Connect? 2> Does Onelogin supports AngularJS? …
-
A: Does OneLogin support client session management via OIDC?
Answered Nov 16 2018https://openid.net/specs/openid-connect-session-1_0.html: 2.1. … I don't see these metadata parameters in the OneLogin discovery metadata, so it looks like Session Management is not supported. …
-
A: How to Validate an Access Token for OAuth2 + PCKE flow
Answered Apr 25 2019,"iss":"https://openid-connect.onelogin.com/oidc","jti":"..." … ,"scope":"openid profile email"} Both the access_token and refresh_token returned from the auth code flow https://developers.onelogin.com/openid-connect/api/authorization-code-grant worked, and the access_token …
-
Q: Python/Django library for registering multiple SSO Identity Providers(OpenID Connect)
Asked Nov 08 2019I'm working on a project written in Python(Django) and i recently added an SSO option for logging in with OneLogin accounts. There's already support for Microsofts Azure SSO from an earlier feature. … I'm looking for a library which can somehow register different identity providers(Microsoft, OneLogin, Facebook, etc...) and then wrap the similar login logic into a single class, which would handle all …
Loading...