# User info

{% hint style="info" %}
***This page must be considered part of the iSHARE Framework***

*This page is considered normative and is therefore compliant with RFC 2119.*
{% endhint %}

OpenID Connect 1.0 endpoint for obtaining attributes of a Human Service Consumer conform scope defined in access token.

## Obtaining attributes of a Human Service Consumer

> OpenID Connect endpoint for obtaining attributes of a Human Service Consumer conform scope defined in access token.\
> \
> Server response is an iSHARE signed JSON Web Token. Please refer to the models 'jwt\_header' and 'jwt\_payload\_userinfo\_token' which indicate what the decoded response will look like.

```json
{"openapi":"3.0.0","info":{"title":"generic iSHARE API specifications","version":"2.1.1"},"tags":[{"name":"Identity Provider","description":"Endpoints that form the Identity Provider API specification."}],"servers":[{"description":"iSHARE UAT network base domain","url":"https://isharetest.net"},{"description":"iSHARE TEST network base domain","url":"https://test.ishareworks.nl"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","description":"OAuth 2.0 authorization based on bearer token. MUST contain “Bearer “ + access token value. Must be provided if restricted endpoints are needed."}},"schemas":{"UserinfoResponse":{"title":"UserinfoResponse","type":"object","properties":{"userinfo_token":{"type":"string","format":"application/jwt"}}}}},"paths":{"/[v2.1.1]/connect/userinfo":{"get":{"tags":["Identity Provider"],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserinfoResponse"}}},"description":"OK"}},"deprecated":false,"operationId":"/connect/userinfo","summary":"Obtaining attributes of a Human Service Consumer","description":"OpenID Connect endpoint for obtaining attributes of a Human Service Consumer conform scope defined in access token.\n\nServer response is an iSHARE signed JSON Web Token. Please refer to the models 'jwt_header' and 'jwt_payload_userinfo_token' which indicate what the decoded response will look like."}}}}
```

### Request

#### HTTP methods

* POST

#### Parameters

#### Example

```
> Authorization: Bearer IIeDIrdnYo2ngwDQYJKoZIhvcNAQELBQAwSDEZMBcGA1UEAwwQaVNIQ
< Content-Type: application/json; charset=UTF-8

POST /connect/userinfo
```

### Response

#### Headers

* `Content-Type`

  **String**.

  Defines response body content type. MUST be equal to *application/jwt*.

#### HTTP status codes

* **200 OK**

  When a valid request is sent an OK result should be returned.
* **400 Bad Request**

  When an access token is valid but request itself is invalid.
* **401 Unauthorized**

  When `Authorization` header is either missing, invalid or token has already expired.

#### Parameters

Since response `Content-Type` is *application/jwt* it should be expected to retrieve a signed JWT. JWT should be [iSHARE compliant](https://dev.ishare.eu/version-2.1.1/reference/ishare-jwt) and its payload should contain [delegation evidence](https://dev.ishare.eu/version-2.1.1/authorisation-registry-role/delegation-endpoint#response-model). In addition, JWT payload might also contain the following parameters:

* `organisationIdentifier`\
  **String**. <mark style="color:red;">(Required)</mark>\
  Identifier of the organisation that the user is representing. **MUST** be ETSI/X.509 OrganizationIdentifier (OID 2.5.4.97) issued by a Trust Service Provider (TSP), using the format in ETSI EN 319 412-1 V1.5.1, clause 5.1.4: `<3-letter type><2-letter country>-<identifier>`

#### 200 OK Example

```
< Content-Type: application/jwt
{
UserinfoResponse: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJNSUlFNlRDQ0E5R2dBd0lCQWdJSVUrVkNVWmo1dCtBd0RRWUpLb1pJaHZjTkFRRUxCUUF3UERFNk1EZ0dBMVVFQXd3eFZFVlRWQ0JwVTBoQlVrVWdSVlVnU1hOemRXbHVaeUJEWlhKMGFXWnBZMkYwYVc5dUlFRjFkR2h2Y21sMGVTQkhOVEFlRncweU16QTVNRGt4TWpBMk16RmFGdzB6TXpBNU1EWXhNakEyTXpCYU1IVXhHakFZQmdOVkJBTU1FV2xUU0VGU1JTQlVaWE4wSUZCSlVpQXhNUnd3R2dZRFZRUUZFeE5GVlM1RlQxSkpMazVNTURBd01EQXdNREF3TVJRd0VnWURWUVFMREF0VVpYTjBJR0Z1WkNCUlFURVdNQlFHQTFVRUNnd05hVk5JUVZKRlZHVnpkRkJKVWpFTE1Ba0dBMVVFQmhNQ1Rrd3dnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDRHdBd2dnSUtBb0lDQVFEQ1puQlVCM2s1R05sa0piVThIbFFhY2IxdnVScTN5UkRVZlQyUzFaSFBJVEJuWUFSQTZvMDdLNmxKZWpyRnQ1YWRsSzRsK3ZxTDFvaWlTeWdTREFLdCtXYkxpUzZFakFocFlIeTFBNWtkNVFONnFmUUpUNnI4cVZvUXdrNnM5bmdldkc2SGRIQW5qMlcvR1d1UGNicU9JaHYxSEdaYVhIUDZrNGo3QzBuT042U1NRSXhQQko4bnUvdTloaDJzS0JpN0ZzRkNnZFpxL29OQzBaZjR3R3pJbVRlc3hQMUJrTXlETmdXVVIzK1JpZUlNTXNNQlJXcEhLRFE0aTI0blJZaGhqUjJGU3NQcitiTE85YXRKWFVKc3I4bElhVDNDaDRVOUE5MnNYY1A4V3lvVjJ1Ti9hOEJBTjVJWkw1bVRBZXA4NDJROXQrS1ltcXEzY1J2a21zUUN3WmxUZm1ZNUMzbDhKOHpHYTNETTZxUTViOFlCalZoUUljcEFISDJqQ3RpRmQ2Vk9XMjl3MVg2MHhKRU14dHB1dmhVNGQzZXlveFRiLzVYU05vRVJOUERRZzRRN0NHQWQvR3ZsbFFka2wrdGJPQW9EclYwY01PZFJ4eVpqa25UZUpzcWNaOHJYZWVDQkFkOVFYZEd0cGl0SUFsNnRyRFYxbEd4TmpZVldSN3o1MEJRUEUvaGpFOFZBb3ZuemMvOWlSenQ1ZmhFQkljclVJRVpzcmdKVUg1NXY0SVA2T2JjRisxVjNFdHNqMkJMZFI4cEdTNjdtL0t5TWdNcnVHN3IrTXZ0QUhaTHlLemZrWjBXdnczWFBsb1ZPWU1ha0NOaWNXTHNSUHR1clhEMEtyKy8xeWtrekllOFIxQWllVUVKbDBnR3ltWk04OXlPSDhuakNHd1psUHdJREFRQUJvNEcxTUlHeU1COEdBMVVkSXdRWU1CYUFGRzNGWlluTDM1RlUwV3M4dHdLbExzMkthSkFkTUNjR0ExVWRKUVFnTUI0R0NDc0dBUVVGQndNQ0JnZ3JCZ0VGQlFjREJBWUlLd1lCQlFVSEF3RXdOd1lJS3dZQkJRVUhBUU1FS3pBcE1BZ0dCZ1FBamtZQkFUQUlCZ1lFQUk1R0FRUXdFd1lHQkFDT1JnRUdNQWtHQndRQWprWUJCZ0l3SFFZRFZSME9CQllFRkhIdlM2VXVCMUhIL0NtZmlvSDkzOWMxSndCR01BNEdBMVVkRHdFQi93UUVBd0lHd0RBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQVNyYjZPLzVWbVJzTkNiazZzRHo1V1FYb1oxZG84MnhxZ1NibDIzK3hXekFHV2xNeEd5elJJdTZOSDQxbFNSeGcxNzRPU1EzS0orYXVTUlB1Si82NG9HUEp4MkVmekMyckZiOU5ZeWhGT2pqcnlSZVJBVUsxZzFBbkEzQVBpMUdLVkxTZ3hnTXBYTnhwNXo0Yk5pNGpzTG92ZW85Z2IxNzR3UWVZSVFzOXdUc3JOcU43eGpkc2UwcjNqTDdhdEJCK1ZOanR5bEYvOXBqaVBWeGR3a0o2MFFXeVg4ZFBobDZ3SWh4STdtVTVMclJZZk9TSEx4V1FhbzIvZWhXUURJeHFYOWQ1bVpEYlUrd0tFc3BiNWhSNmMvOEo1SFhyYy8yMXhvcTNxNjNPNkRoNFh5WEUxSEMzZ0hUeGxmTmtzRm5aOHpNeFlPVlZMc0hleHAwbGRITzhaUT09IiwiTUlJRFNEQ0NBakNnQXdJQkFnSUlTeFIzSW16RzFCY3dEUVlKS29aSWh2Y05BUUVMQlFBd0p6RWxNQ01HQTFVRUF3d2NWRVZUVkNCcFUwaEJVa1VnUm05MWJtUmhkR2x2YmlCbFNVUkJVekFlRncweE9UQXlNakl4TURBME16RmFGdzB6T1RBeU1UY3hNREF5TkRsYU1Ed3hPakE0QmdOVkJBTU1NVlJGVTFRZ2FWTklRVkpGSUVWVklFbHpjM1ZwYm1jZ1EyVnlkR2xtYVdOaGRHbHZiaUJCZFhSb2IzSnBkSGtnUnpVd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURIQjJBQlFMN3p3bWkxeElrTzBhMnE2aklKZG4zUUFtMHMxbFNlUWV2OUYyRjNNNVo4cWlxUUphdXJNWnl3WmZkTnZnOStJcUdIT2pEZTZoSWh1Unp6b0FvMEFiTzROOU9kZjJSRERVOTVON3RvSm1BeUNpWUdnWmZadDdCc0tGSWVRNnA2Q3NnS2NSWFBpMGZkWGRWU0hwNGJaZlFPUWRjbE1idElUaXJuRnRVMDZOUEFob1k2NzZZejk2eEZBRTB6b202ZU1WUFBPSW0wRzhnZDQ0WGxuYkwwdzBtY2NDaTJWVVpqdkNJTDU5TzYxTzh2bFZ5THNCcU5OVEN2ZjlDMkNNWWFFYXRYWnl6L2x3Z0g2SllIdEQwdXNYdC8rTTBxS1llMW9lb0xrMFppY0ZaWGNrMWlTMDlrRmRnZ0s1QmxOb2RvV0phREJScm81MVdoWTJXbkFnTUJBQUdqWXpCaE1BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0h3WURWUjBqQkJnd0ZvQVVsWk1reWJ5aEN6SzVIT0JGSEtSTytNTFNSLzR3SFFZRFZSME9CQllFRkczRlpZbkwzNUZVMFdzOHR3S2xMczJLYUpBZE1BNEdBMVVkRHdFQi93UUVBd0lCaGpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQVpINVFqdXErTzlGcHY2MzdnMGNGNm4xSUxZQkx6MWVOWmpFQjNkb0FleHZpNUN6U3czb3N3SkNTZWRHVzNoaDBxSE9USzJnSTgzamgwVzJFQW4yaXNGZ3doTW9HMmpkMllTRlNrbThRLzJlT2ZjNk1nR1NDNXNPVEw3NUo3YnlMQ29yZHFkL040ZWFqM0VxS0xhV3E3cjd1c3RQODFQOEVJbHowRDhhN2xmZjFGU28yM0hXWFRXWDIrbTJ2b0xBRTVsOTdhR1RHUlMxVWJ4aFAyakZLWUo5WHppS2U5TVFKU1pFbFRROGpxZzJrUEZrRXgvWHFBV3FsRzFkbDF5d0xKcTVpZVB2SzFSNEFZTkkvWWJaUWs5c2xqOHYrUC82TTdFdEVyc2YydUlTZ2V3TFRjV2wyNHgzbkc1eGJRWnhyUDhsMmpTR1ltT1RJbmdLT1FTbmJmZz09IiwiTUlJRE16Q0NBaHVnQXdJQkFnSUlCTFUyY1pBWnFMRXdEUVlKS29aSWh2Y05BUUVMQlFBd0p6RWxNQ01HQTFVRUF3d2NWRVZUVkNCcFUwaEJVa1VnUm05MWJtUmhkR2x2YmlCbFNVUkJVekFlRncweE9UQXlNakl4TURBeU5EbGFGdzB6T1RBeU1UY3hNREF5TkRsYU1DY3hKVEFqQmdOVkJBTU1IRlJGVTFRZ2FWTklRVkpGSUVadmRXNWtZWFJwYjI0Z1pVbEVRVk13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ3JEUDJEV1gzL2I4dU1hcHpFQkFUU2E2aVpmdmdneklCVUV4a1dFYkc5ZTFuVnkvalFrMjBuZlNGTVVtUlQ2TmhZY2RrU1lPL1dya2k5WTRFcEN5MXh2WkhxTCs0WTZTOUpMWndKNzYwTHBZbGUrTmFWdTdtaW5NVVFjdW9qNW5LekNsdmF6YjAwQXg1Z2tKVWZSM3YzWDVHWHFRcmtXYXpNdCtrNVROTTZUV3VKMzBxT2Z3ckh4NXZUTG1UVVVpaCtCc0dMM2Y1R09zMVZUWUlDTmhpVGpONzRuMldxcDJrVUxXSWUrL1g2UlovaEtzcGFIR1puS0RWVHdJKzhabVdGZWp1eEE2RE9YN1JzWUxLdlFPMjFGbWJJQm9TczlBenY1OS9SeFdVSlZNTzBXaERoS3BRZ0NHandnVjMyb2ZOZGtGZ21kVnVsek5QSUQyUk5iVFRMQWdNQkFBR2pZekJoTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SHdZRFZSMGpCQmd3Rm9BVWxaTWt5YnloQ3pLNUhPQkZIS1JPK01MU1IvNHdIUVlEVlIwT0JCWUVGSldUSk1tOG9Rc3l1UnpnUlJ5a1R2akMwa2YrTUE0R0ExVWREd0VCL3dRRUF3SUJoakFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBbHphQlZhRmhabUg5dXhzTFN2M0Zra3hXVndCUjFHaEF4d2NKbFY0eCtrcVg4dGNoSjRTRExFdVdSckY0RE50dlNSM3I2OUt6OGVZSTVYdVcxZUcxMllqR0dWbFlpamR4ckcxQU56R24ydmRvOXZMN2RFRlVFTUsxQUt4UnN0YlRkRTd5d3pJVi9DNjF3OEpyeHdMdHQ5T2pkVUVVUEh1R1RqdXY1bkZCUGRGek9jdnUrRFRNbDczQ0pQMnplWlVGZ3VqNTVNc1hZNDVNclhyYmd0K0xKcVV1NHBrQjJiTHU5RmJlUkxXWkp1a25ZU3JXNGZ5UUJaMmkrTXNHZGlCS1FjZjNmTFhqcGNoNDgvcDdTaVRrNHVmbG9CYXFUQ2x0L0V0V1hEU21GY3Y0UWpCazFtVVB1OXZ4aWtjSERrQXZKck9YR2cwYiszZUk0YTdPVGZBYjFnPT0iXX0.eyJpc3MiOiJkaWQ6aXNoYXJlOkVVLk5MLk5UUk5MLTEwMDAwMDA2Iiwic3ViIjoiNDE5NDA0ZTEtMDdjZS00ZDgwLTllOGEtZWNhOTR2ZGUwMDAzZGUiLCJhdWQiOiJkaWQ6aXNoYXJlOkVVLk5MLk5UUk5MLTEwMDAwMDAxIiwianRpIjoiNzgyYmIzOWUtMjQ4YS00NzA4LWI2MmUtZWZiMDVmYzM2MDQyIiwiZXhwIjoxNzY3MTc5ODY5LCJpYXQiOjE3NjcxNzk4MzksIm9yZ2FuaXNhdGlvbklkZW50aWZpZXIiOiJkaWQ6aXNoYXJlOkVVLk5MLk5UUk5MLTEwMDAwMDAyIiwibmJmIjoxNzY3MTc5ODM5fQ.uqSii8f7qMMQ84ZMbWAMHas6C5uyKsT4vRzkwW6PJRjGRv3NZGGhYn_-T84Ga3qYieru60_O0mmmjzFHv7I_Q9XY6DJrW-bloDCgzl68cu2bXXz9Ev-anU4iEwpYELzmRvIqX9S9q2yC2JESaEZgCAIzGdhz-_yJda5prmuCV5uCV9SlwsOlq9nvRsePwb_HbXyGn29CYtLrs8rlcnsqWuJ6fieZtGNrR-XD6NX2fJ5BoG7TwZTu_54P2BxaNvb8zxn44udOJ1htg1rUGqywhnKxLXP2DHtKCBkRhdlabaMVww3YC_UXPe2TcNvwHd8s-9mVVStf2hR_Y5__6RVUkcHa0TqyzZrkGfQ02lOvaVZsb1e6MC5X7kNYPYsNMfpqMHj2RBnRQlM9UaXa-OLZe7d91xiwdENNw9L0eOenLzS5VCJVXq6_8dWbEOm1KFQPu-S58E6OdklqVqfyj3afvflI988zCy_A0wtCR_RqNJPH41mYbp6V_Zz_3uPC63Xz5rRNk6N3kXWaElH3GLuZl_eu-mG4BtGyr0i1OvUhh3oHXqhAec12maKI8iNZvV7XmxOBEJdjGREtV8bxvF_Mlu9uzRVI5ZsnAiy6qdRfHzccqt-devEfNdJZZ_d83kCj3NH6Jf79EpUBL25CuCtZDBxNXjZsOEJ4K6yK5xPb3_c
}
```

**Decoded JWT Payload**

```json
{
  "iss": "did:ishare:EU.NL.NTRNL-10000006",
  "sub": "419404e1-07ce-4d80-9e8a-eca94vde0003de",
  "aud": "did:ishare:EU.NL.NTRNL-10000001",
  "jti": "782bb39e-248a-4708-b62e-efb05fc36042",
  "exp": "1588926732",
  "iat": "1588926702",
  "organisationIdentifier": "did:ishare:EU.NL.NTRNL-10000002"
}
```