
Userinfo endpoint

The userinfo endpoint is used to retrieve the security context of the logged-in user.

info

Oneki.js doesn't expect a specific format for the security context; you can put whatever you want in it. The security context is usually made of profile attributes such as email, name, first name, roles, ...

Example of a security context
{
sub: "de1ff3d2-0710-4f7a-9dd1-4aadb7d94b57",
email: "john.doe@example.com",
given_name: "John",
family_name: "Doe",
picture: "https://www.gravatar.com/avatar/205e460b479e2e5b48aec07710c08d50",
roles: ['admin', 'user']
}
tip

The userinfo endpoint is the only configuration parameter that is common to all types of authentication.

Excerpt from settings.ts

{
...
idp: {
default: {
type: "form",
userinfoEndpoint: 'https://backend.com/api/whoami',
}
}
}

The value of the userinfo endpoint parameter can have three formats:

String (URL)
  Description: a URL string. If the URL is relative (e.g. /api/userinfo), it is prefixed with the server.baseUrl from src/settings.ts. Oneki.js performs an AJAX GET request on this URL to retrieve the profile of the connected user.
  Example: /api/userinfo

String (token...)
  Description: a string that starts with token. Oneki.js retrieves the profile of the connected user from the (JWT) token present in the global state; the global state is populated with the token during authentication. Must be one of these values:
    • token://id_token
    • token://access_token
    • token
  See Token below.
  Example: token://id_token

Function
  Description: instead of a string, a function with the signature (context) => URL can be specified. Oneki.js executes it to retrieve the URL. This function can be async.
  Example: (context) => 'https://oneki.org/api/userinfo'

Token

When the value starts with token, it means that the backend doesn't expose a userinfo endpoint, but the security context can be retrieved from a token existing in the global state (under the key auth.token) with the following format:

{
"id_token": "JWT_ID_TOKEN_IN_BASE64",
"access_token": "JWT_ACCESS_TOKEN_IN_BASE64",
...
}

The token is stored in the global state via a callback function.

Token extraction

If the value is

  • token://id_token, then JWT_ID_TOKEN_IN_BASE64 is parsed and its claims become the security context.
  • token://access_token, then JWT_ACCESS_TOKEN_IN_BASE64 is parsed and its claims become the security context.
  • token, then the whole auth.token object becomes the security context (there is no parsing).

Two caveats apply to the parsed variants. Parsing here means decoding the JWT payload in the browser; a decoded claim set is not a verified one, so this security context is only as trustworthy as the login flow that put the token in the global state, and it must be treated as UI state, never as proof of identity or authorization on the server side. And token://access_token only works when the access token is itself a JWT; many identity providers issue opaque access tokens, which cannot be parsed into claims.
Example
userinfoEndpoint: '/api/whoami'
// or
userinfoEndpoint: (context) => '/api/whoami'
// or
userinfoEndpoint: 'token://id_token' // will not call the backend, but expects the token to be in the global state
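The three formats listed above and the token extraction rules are easiest to see together in code. The resolver below is an added example written for this page, not Oneki.js's own implementation: the names resolveUserinfo, resolveUrl, decodeJwtClaims and demo, the injected fetchJson callback, and the sample token, state and settings are all assumptions made here. It runs stand-alone under Node.js and never contacts a backend.

```javascript
// Added example, not Oneki.js code: a resolver for the three userinfoEndpoint
// formats. resolveUserinfo, resolveUrl, decodeJwtClaims, demo and the injected
// fetchJson callback are names assumed for this example.

// Decode the payload (claims) of a compact JWT (header.payload.signature).
// The signature is NOT checked: a decoded claim set is not a verified one.
function decodeJwtClaims(jwt) {
  const parts = typeof jwt === 'string' ? jwt.split('.') : [];
  if (parts.length !== 3) {
    throw new Error('not a compact JWT (expected header.payload.signature)');
  }
  // base64url -> standard base64, then restore padding to a multiple of 4
  let b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  b64 += '='.repeat((4 - (b64.length % 4)) % 4);
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Relative URLs are prefixed with server.baseUrl; absolute ones are used as-is.
function resolveUrl(endpoint, baseUrl) {
  if (/^https?:\/\//i.test(endpoint)) return endpoint;
  return baseUrl.replace(/\/+$/, '') + '/' + endpoint.replace(/^\/+/, '');
}

// Resolve the security context from settings and the global state.
//   settings:  { server: { baseUrl }, idp: { default: { userinfoEndpoint } } }
//   state:     { auth: { token } }          // filled during authentication
//   fetchJson: (url) => Promise<object>     // injected so the example runs offline
async function resolveUserinfo(settings, state, fetchJson) {
  let endpoint = settings.idp.default.userinfoEndpoint;

  // Function format: (context) => URL, possibly async
  if (typeof endpoint === 'function') {
    endpoint = await endpoint({ settings, state });
  }
  if (typeof endpoint !== 'string') {
    throw new Error('userinfoEndpoint must be, or resolve to, a string');
  }

  // token formats: no backend call, read auth.token from the global state
  if (endpoint === 'token' || endpoint.startsWith('token://')) {
    const token = state.auth && state.auth.token;
    if (!token) throw new Error('no token in the global state (auth.token)');
    if (endpoint === 'token') return token;          // whole object, no parsing
    const source = endpoint.slice('token://'.length);
    if (source !== 'id_token' && source !== 'access_token') {
      throw new Error(`unsupported token source: ${endpoint}`);
    }
    // Fails loudly for opaque (non-JWT) tokens instead of returning garbage
    return decodeJwtClaims(token[source]);
  }

  // URL format: GET the profile from the backend
  return fetchJson(resolveUrl(endpoint, settings.server.baseUrl));
}

// ---- constructed sample input (not a real token, IdP or backend) ----
function base64url(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
const SAMPLE_ID_TOKEN = [
  base64url({ alg: 'RS256', typ: 'JWT' }),
  base64url({
    sub: 'de1ff3d2-0710-4f7a-9dd1-4aadb7d94b57',
    email: 'john.doe@example.com',
    roles: ['admin', 'user'],
  }),
  'bm90LWEtcmVhbC1zaWduYXR1cmU', // placeholder signature, never verified above
].join('.');

const sampleState = {
  auth: { token: { id_token: SAMPLE_ID_TOKEN, access_token: 'opaque-access-token' } },
};
const sampleSettings = {
  server: { baseUrl: 'https://backend.com/' },
  idp: { default: { userinfoEndpoint: '/api/whoami' } },
};
// Fake backend: echoes the URL it was asked for alongside a fixed profile
async function fakeFetchJson(url) {
  return { requestedUrl: url, sub: 'from-backend' };
}
// Settings variant so each format can be exercised against the same state
const withEndpoint = (userinfoEndpoint) => ({
  ...sampleSettings, idp: { default: { userinfoEndpoint } },
});

// Exercise the URL, token://id_token, token and function formats
async function demo() {
  return {
    fromUrl: await resolveUserinfo(sampleSettings, sampleState, fakeFetchJson),
    fromIdToken: await resolveUserinfo(withEndpoint('token://id_token'), sampleState, fakeFetchJson),
    whole: await resolveUserinfo(withEndpoint('token'), sampleState, fakeFetchJson),
    fromFunction: await resolveUserinfo(withEndpoint(async () => '/api/whoami'), sampleState, fakeFetchJson),
  };
}
```

Running demo() shows the relative '/api/whoami' being resolved against server.baseUrl, the id_token claims (sub, email, roles) becoming the context, and the whole auth.token object coming back for 'token'. Asking for 'token://access_token' against this sample state throws, because the constructed access token is opaque rather than a JWT; that is the failure mode a real deployment hits when the identity provider does not issue JWT access tokens.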

Example

Settings
examples/cra-examples/src/settings.ts