How to integrate the Next Identity Hosted Journeys user info workflow
Retrieving key details from a user's profile with Next Identity Journeys is an optional workflow in your integration with Next Identity.
In this use case, the user is already signed in and you have a valid access token for them.
Endpoint URL
The user info request consists of the base domain + the endpoint (/userinfo) + parameters. Available parameters are listed below the example.
curl --location --request POST 'https://id.eu.nextreason.com/userinfo' \
--header 'Authorization: Bearer {{access_token}}' \
--header 'Content-Type: application/json'
Required Parameters
The following parameters must be included on every request.
Parameter | Description |
---|---|
header authorization | A header for authorization including a bearer token (the access token retrieved from the /token call) valid for the user. |
Response Handling
This endpoint provides comprehensive information about an authenticated user, including their unique identifier, name, email, verification status, last update time, and locale.
Sample Result:
{
  "sub": "9cde62ef-3d64-4aff-89f4-5362ec858cc3",
  "name": "John",
  "given_name": "Smith",
  "family_name": "John",
  "email": "[email protected]",
  "email_verified": true,
  "updated_at": "2020-12-14 21:22:11.304747 +0000",
  "locale": "en-US"
}
Structure:
Attribute | Description |
---|---|
sub (string) | Unique identifier for the user |
name (string) | Full name of the user |
given_name (string) | Given name of the user |
family_name (string) | Family name of the user |
email (string) | Email address of the user |
email_verified (boolean) | Indicates whether the user's email is verified |
updated_at (dateTime) | Represents the last time the user's information was updated |
locale (string) | Indicates the user's language and regional preferences |
Configuration Options
The /userinfo endpoint can be configured to return specific information based on the application's requirements.
Error Handling
Code | Error | Cause |
---|---|---|
401 Unauthorized | { "error": "http_exception", "error_details": { "message": "Unauthorized" } } | Incorrect code |
400 Bad Request | { "stat": "error", "error": "invalid_request" } | Invalid base domain |
400 Bad Request | { "stat": "error", "error": "invalid_request" } | Empty Access Token |
Security Considerations
Ensure that responses containing personally identifiable information (PII) are transmitted securely over HTTPS to prevent interception by unauthorized parties.
Integration
- Redirect to Authorization Endpoint: Initiate the authentication request.
- Handle Redirect Back with Authorization Code: Capture and process the authorization response.
- Exchange Authorization Code for Tokens: Obtain access and possibly refresh tokens.
- Use the obtained access token to call the /userinfo endpoint.
- Use the obtained user details for the approved use case, such as personalizing the user experience, displaying a user profile, or performing other application-specific tasks.
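The last two integration steps, together with the error table and the HTTPS requirement above, can be handled as in the following added example (not Next Identity's own code). The names `UserInfoError`, `build_userinfo_request`, `parse_userinfo`, `fetch_userinfo` and the `trusted_email` field are hypothetical; the base domain and response shapes are the ones shown on this page.

```python
import json
import urllib.error
import urllib.request
from urllib.parse import urlsplit

class UserInfoError(Exception):
    """A documented (400/401) or unexpected /userinfo failure."""
    def __init__(self, status, code, message=""):
        super().__init__(f"{status} {code} {message}".strip())
        self.status, self.code = status, code

def build_userinfo_request(base_url, access_token):
    """Build the POST; refuse non-HTTPS base domains and empty tokens locally."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("base domain must be an https:// URL")
    if not access_token or not access_token.strip():
        raise ValueError("access token is empty")
    return urllib.request.Request(
        f"https://{parts.netloc}/userinfo", method="POST",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"})

def parse_userinfo(status, body):
    """Return the profile on 200; raise UserInfoError for anything else."""
    try:
        data = json.loads(body)
    except ValueError:
        raise UserInfoError(status, "unparseable_body") from None
    if not isinstance(data, dict):
        raise UserInfoError(status, "unexpected_body")
    if status != 200:
        # 401 carries error_details.message; the 400 bodies carry only "error".
        details = data.get("error_details")
        msg = details.get("message", "") if isinstance(details, dict) else ""
        raise UserInfoError(status, data.get("error", "unknown"), msg)
    if not isinstance(data.get("sub"), str) or not data["sub"]:
        raise UserInfoError(status, "missing_sub")
    # Hypothetical convenience field: the email only when it is marked verified.
    data["trusted_email"] = data.get("email") if data.get("email_verified") is True else None
    return data

def fetch_userinfo(base_url, access_token, timeout=10):
    """Perform the call; urllib validates the TLS certificate by default."""
    req = build_userinfo_request(base_url, access_token)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return parse_userinfo(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return parse_userinfo(err.code, err.read())
```

Key application records on `sub` rather than `email`, and keep the access token and the returned profile out of application logs.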