Skip to content

Commit

Permalink
Merge pull request #6849 from bjarnef/patch-28
Browse files Browse the repository at this point in the history 
Document `userinfo` endpoint
  • Loading branch information
@sofietoft
sofietoft authored Feb 5, 2025
2 parents 0883d00 + 73955ee commit 09eb05f
Show file tree
Hide file tree
Showing 2 changed files with 40 additions and 0 deletions.
22 changes: 22 additions & 0 deletions ...aco-cms/reference/content-delivery-api/protected-content-in-the-delivery-api.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -382,6 +382,28 @@ To terminate the active session for any given member, you must redirect the brow
GET /umbraco/delivery/api/v1/security/member/signout?post_logout_redirect_uri={valid URL from LogoutRedirectUrls}
```

### User info

The "user info" endpoint is part of the OpenId Connect core spec.

This implementation returns a few of the standard claims, all of which are subject of availability:

- `sub` (required claim)
- `name` (if available)
- `email` (if available)

On top of this, the member groups (if any) are returned in the role claim.

The implementation is build to be extendable, so custom claims can be added to these claims - and the core claims can be removed, too.

```http
GET /umbraco/delivery/api/v1/security/member/userinfo
```

{% hint style="info" %}
This was introduced in Umbraco 13.6.0.
{% endhint %}

## Testing with Swagger

The Delivery API Swagger document can be configured to support member authentication.
Expand Down
18 changes: 18 additions & 0 deletions .../reference/content-delivery-api/protected-content-in-the-delivery-api/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -365,6 +365,24 @@ To terminate the active session for any given member, you must redirect the brow
GET /umbraco/delivery/api/v1/security/member/signout?post_logout_redirect_uri={valid URL from LogoutRedirectUrls}
```

### User info

The "user info" endpoint is part of the OpenId Connect core spec.

This implementation returns a few of the standard claims, all of which are subject of availability:

- `sub` (required claim)
- `name` (if available)
- `email` (if available)

On top of this, the member groups (if any) are returned in the role claim.

The implementation is build to be extendable, so custom claims can be added to these claims - and the core claims can be removed, too.

```http
GET /umbraco/delivery/api/v1/security/member/userinfo
```

## Testing with Swagger

The Delivery API Swagger document can be configured to support member authentication.
Expand Down

0 comments on commit 09eb05f

Please sign in to comment.