This page details the use of the Class UserInfo endpoint to obtain information about Class users. This information can be used to bootstrap account creation for integrations that use Class as an Identity Provider for user authentication.
Required scopes
To make a UserInfo request, you must obtain an access token with an appropriate set of permissions. At a minimum, the access token scope must include openid.
The following scope values determine what information is included in UserInfo responses.
openid
profile
address
phone
class_profile
For a detailed description of these values, please refer to the Authorization scopes page.
UserInfo Request
Once you have obtained an access token with appropriate permissions, you can obtain information about the authorizing user by making a UserInfo request.
Requests are made via an HTTP GET request to the UserInfo endpoint. The URI of this endpoint should be obtained dynamically from the userinfo_endpoint field of the Discovery document.
The access token must be sent as a Bearer token in the Authorization header of the request.
There are no parameters for the request.
An example UserInfo request, with white space added for readability:
GET https://api.class.com.au/api/1.0/u/connect/userinfo
Authorization: Bearer PGNsaWVudF9pZD46PGNsaWVudF9zZWNyZXTvu78+
UserInfo response
The UserInfo response contains information about the authorizing user encoded as a JSON object. The exact set of properties will depend on both the scope of the access token used in the request and what data has been entered in Class. The only property that is guaranteed to be present is the sub (subscriber) property, which uniquely identifies the user.
The following Standard Claims will be included in the response if the access token has the appropriate scope, and the corresponding data has been entered in Class:
sub
name
given_name
middle_name
family_name
gender
phone_number
address
The following additional claims will be included if the access token scope includes class_profile:
business_name
business_code
business_phone_number
business_address
class_role
An example UserInfo response, with white space added for readability:
HTTP/1.1 200 OK
Date: Fri, 10 Jul 2015 03:23:41 GMT
Cache-Control: no-store, must-revalidate, no-cache, max-age=0
Content-Type: application/json; charset=utf-8
Content-Length: 590

{
  "sub" : "007e9c1e-1be8-408b-b538-866cad6d3d09",
  "email" : "test.user@class.com.au",
  "name" : "Mr Test User",
  "given_name" : "Test",
  "family_name" : "User",
  "middle_name" : "Test",
  "gender" : "male",
  "phone_number" : "0292783354",
  "address" : {
    "street_address" : "238 Pitt Street",
    "locality" : "Sydnet",
    "region" : "NSW",
    "postal_code" : "2000",
    "country" : "au"
  },
  "class_profile" : {
    "class_role" : "Access Controller",
    "business_name" : "Sample Business",
    "business_code" : "BUSINESS",
    "business_address" : {
      "street_address" : "238 Pitt Street",
      "locality" : "Sydnet",
      "region" : "NSW",
      "postal_code" : "2000",
      "country" : "au"
    },
    "business_phone_number" : "0292783354"
  }
}
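The request and response handling described above, as an added Python example (not Class's own code): it reads userinfo_endpoint from the Discovery document, refuses to send the token over anything but HTTPS, requires sub, and treats every other claim as optional. The function names, the injectable opener, the constructed sample data and the expected_sub check (assumed to be the sub from the ID token of the same login) are assumptions of this example.

```python
import io
import json
import urllib.request
from urllib.parse import urlsplit

# Optional claims seen on this page; any of them may be absent.
OPTIONAL_CLAIMS = ("email", "name", "given_name", "middle_name",
                   "family_name", "gender", "phone_number", "address")

def build_userinfo_request(discovery, access_token):
    """Build the GET request from the Discovery document's userinfo_endpoint."""
    endpoint = discovery["userinfo_endpoint"]
    if urlsplit(endpoint).scheme != "https":
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    return urllib.request.Request(
        endpoint, method="GET",
        headers={"Authorization": "Bearer " + access_token})

def parse_userinfo(body, expected_sub=None):
    """Validate a UserInfo JSON body and map it to a local account record."""
    claims = json.loads(body)
    sub = claims.get("sub") if isinstance(claims, dict) else None
    if not isinstance(sub, str) or not sub:
        raise ValueError("UserInfo response has no usable sub claim")
    # Assumption: expected_sub is the sub from the ID token of the same login.
    if expected_sub is not None and sub != expected_sub:
        raise ValueError("UserInfo sub does not match the authenticated user")
    account = {"sub": sub}  # key local accounts on sub, never on email or name
    account.update({k: claims[k] for k in OPTIONAL_CLAIMS if k in claims})
    profile = claims.get("class_profile")
    if isinstance(profile, dict):  # present only with the class_profile scope
        account["class_profile"] = profile
    return account

def fetch_userinfo(discovery, access_token, expected_sub=None,
                   opener=urllib.request.urlopen):
    """Send the request; opener is injectable so the demo runs offline."""
    request = build_userinfo_request(discovery, access_token)
    with opener(request, timeout=10) as response:
        return parse_userinfo(response.read(), expected_sub)

# Constructed sample data, based on the example request and response above.
DISCOVERY = {"userinfo_endpoint": "https://api.class.com.au/api/1.0/u/connect/userinfo"}
SAMPLE = json.dumps({"sub": "007e9c1e-1be8-408b-b538-866cad6d3d09",
                     "name": "Mr Test User",
                     "class_profile": {"class_role": "Access Controller"}}).encode()

if __name__ == "__main__":
    fake = lambda request, timeout: io.BytesIO(SAMPLE)  # stands in for the network
    print(fetch_userinfo(DISCOVERY, "constructed-token", opener=fake))
```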