Authenticated User (Resource Owner)

When you need more information about an authenticated user, you can ask SSOfy to query the data by token. The API is quite similar to the Token Verification API, with the exception that the SSOfy will send a request to the resource server (your server) to retrieve the latest data for you.

⚠️ Warning

This feature only works if the resource server provides User Endpoint.

📌 Info

We have left out the information that is shared with Token Verification API here in order to minimize content duplication and keep things more subject-oriented and informative.

Here is a sample curl for authenticated user inquiry:

curl --request POST 'https://api.ssofy.com/v1/authenticated/user' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Api-Key: cf47d697-cc0b-4262-8329-78a0995e6fd0' \
--header 'Signature: eyJoYXNoIjoiZDk4Nzc0ZjkyNGEzMzM3OTQzZDMxODM3ZDU2OTQwYWYwOTUxZTQxNjM4NjUwNzgwOTAxZmNhYzBmOWU2Njg5NyIsInNhbHQiOiJiOEFtM2pBNHMifQ=='
--data-raw '{
    "bearer": "01835fd6ad5672e5944bbfe74bedd5e376aba016149b4b92a7efc397d78c6fbe"
}'
{
    "token": {
        "token": "0184f38cfe53715880bdc64415face01ea401c6a0c2b4da0a1f98a2104c7a7e1",
        "scopes": [
            "*"
        ],
        "user_id": "sandbox-user",
        "client_id": "sandbox",
        "expires_at": "2023-12-08T21:52:46-05:00"
    },
    "user": {
        "id": "sandbox-user",
        "hash": "sandbox-user",
        "display_name": "Guest",
        "name": "Guest",
        "picture": "https://i.pravatar.cc/48",
        "profile": "https://example.com/profile",
        "additional": {
            "country": "UK"
        }
    }
}

SSOfy replies with a JSON payload containing the user information provided by the resource server. You can still see the token alongside the payload, which basically means, if you have a use-case where you need both the token and the user data, you can skip using the Token Verification API and use this API instead.

💡️ Tip

The Signature header, which should be verified for enhanced security, is also included in the response headers.

Unlike the Token Verification API, caching user information is entirely up to you, and we have no control over it.

SSOfy is unable to notify you since it does not know when or where the user information has changed.

ssofy Knowledge Base
At our core, we believe that staying up-to-date with the latest trends and advancements in Authentication and related areas is essential. That's why we take great pride in keeping you informed with the latest insights, updates, and news in this rapidly evolving landscape.


Do you need support?
SSOfy is by Cubelet Ltd.
Copyright © 2024 Cubelet Ltd. All rights reserved.