OpenID Connect UserInfo request

Consented claims about the authenticated user, such as name and email address, are retrieved from the UserInfo endpoint of the OpenID provider.

The claims are retrieved with a simple HTTP GET request which includes the previously obtained bearer access token in the Authorization header.

Example:

import java.net.*;
import com.nimbusds.oauth2.sdk.http.*;
import com.nimbusds.oauth2.sdk.token.*;
import com.nimbusds.openid.connect.sdk.claims.*;

URI userInfoEndpoint;    // The UserInfoEndpoint of the OpenID provider
BearerAccessToken token; // The access token

// Make the request
HTTPResponse httpResponse = new UserInfoRequest(userInfoEndpoint, token)
    .toHTTPRequest()
    .send();

// Parse the response
UserInfoResponse userInfoResponse = UserInfoResponse.parse(httpResponse);

if (! userInfoResponse.indicatesSuccess()) {
    // The request failed, e.g. due to invalid or expired token
    System.out.println(userInfoResponse.toErrorResponse().getErrorObject().getCode());
    System.out.println(userInfoResponse.toErrorResponse().getErrorObject().getDescription());
    return;
}

// Extract the claims
UserInfo userInfo = userInfoResponse.toSuccessResponse().getUserInfo();
System.out.println("Subject: " + userInfo.getSubject());
System.out.println("Email: " + userInfo.getEmailAddress());
System.out.println("Name: " + userInfo.getName());