KeyCloak /userinfo not returning user info, returns what appears to be a token

Question

Here is the flow I am attempting in postman.

Get access token {{server}}/auth/realms/{{realm}}/protocol/openid-connect/token

I get the access token. I then run the next query

{{server}}/auth/realms/{{realm}}/protocol/openid-connect/userinfo

I put these in the headers Content-Type: application/x-www-form-urlencoded Authorization: Bearer {{access_token}}

I get a random string in return eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJnN0FHMmJXMmhmQzBLTHJ0S1NUV2V4eTBGWVhsYklybXVEdnF0aDF2MFpNIn0.eyJzdWIiOiIxOGI0OTJhMy0wOGFlLTQ2NjQtODBjNi1iZGQ5Nzk2ODdiMzQiLCJhdWQiOiJibGluZHNwb3QtYXV0aCIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9hdXRoL3JlYWxtcy9CbGluZHNwb3QifQ.UNyZ2AifgqK9NAiSVwWMFT4_EEleMBztodPHu19NrzIt0DUteK4gfYlgAf-Yfk6w3ue3TyjpD93HFlM-1AG2bHgIyIxI01IbEB2ew9b8xgLiexLrQkgQHIWWWFxSOqQCBo0VPgY3yi0ib3sqeBAcxpvfOhtvQuEH0lHdPFXh8DTJQL18Q3TAhTRpknpwIQ5mpjhaeIW2HXpExrPp6-35r2riPifS_nFNaTqPTSWAFHBiqFEa2_PnQcC6f09jGQYYGkjHnetuAdcmxmhskb59YYlqvRpvezi-Af9IHNhCDad0zomMJK5ajIYUcaXWpAuQZMhPp1OvTB79Olc-YUUOIg

score 2 · Accepted Answer · edited Oct 22 '21 at 09:04

2

to get the user infos you have to make a get Request using this endpoint:{{keycloak_url}}/auth/realms/{{realm}}/protocol/openid-connect/userinfo, in Authorization : bearen token

edited Oct 22 '21 at 09:04

Dharman

30,962
25
85
135

answered Oct 22 '21 at 08:58

Vanessa Tankeu

56
1
7

score 1 · Answer 2 · answered Oct 08 '21 at 17:57

1

Userinfo specification doesn't specify Content-Type: application/x-www-form-urlencoded header - see https://openid.net/specs/openid-connect-core-1_0.html#UserInfoRequest

So use standard GET request {{server}}/auth/realms/{{realm}}/protocol/openid-connect/userinfo with Authorization: Bearer {{access_token}} header only.

answered Oct 08 '21 at 17:57

Jan Garaj

25,598
3
38
59

I removed the content-type and it returns the same information. – Michael McDermott Oct 08 '21 at 18:06
@MichaelMcDermott are you sure you are using current Keycloak version (15)? Are you using access token? You don't have any interceptor (proxy, LB, WAF, ....) between postman & keycloak? – Jan Garaj Oct 08 '21 at 18:12
I am using the current version. I am able to get the token successfully. The return data changes when I update scopes etc in keycloak, but it won't return as a json – Michael McDermott Oct 08 '21 at 18:15
@MichaelMcDermott do you have any mapper on the client level which returns userinfo claim? – Jan Garaj Oct 08 '21 at 19:35

score 1 · Answer 3 · answered Feb 11 '22 at 02:54

1

To get userInfo as JSON response, make sure "User Info Signed Response Algorithm" is set to "unsigned" in your client settings in Keycloak.

answered Feb 11 '22 at 02:54

Khai

19
1

KeyCloak /userinfo not returning user info, returns what appears to be a token

3 Answers3