User (Resource Owner)

SSOfy should be able to obtain user information in a variety of situations, such as in response to API queries like Resource Owner or Find User.

📌 Info

Implementing this endpoint is optional. If it is not provided, only the id of the user will be returned. However, the implementation will be required when using SSOfy's built-in registration feature, because SSOfy relies on this endpoint to look for existing accounts.

We make an effort to maintain a limited level of compliance with OpenID standards and will start supporting all properties over time.

Consider the following specs in designing your client endpoint:

URL       anything
Method    POST
Headers   Content-Type, Signature
Format    JSON

Attribute   Type     Required
id          string   No
username    string   No
email       string   No
phone       string   No
scopes      array    No

Code   Description
200    Success
204    Not Found
400    Signature/Input validation Failed

When user information is requested after authorization is complete, SSOfy sends you the ids of the scopes authorized for the session in the scopes parameter, allowing you to choose which properties to include in the response. If the email scope is missing, for example, you can exclude the email property from the response. Alternatively, if * is present, you can ignore all other scopes and output all information.

Based on the schema, the only required properties in the response are id and hash. It would be nice, though, if you could provide a display_name to make the user interface more informative.

hash and id can be the same. A typical use case for hash is when the identifier included in the URL of pages such as the user profile differs from the real user id. In that case, hash can be used instead of the real user id.

📌 Info

When the scopes array is empty, it's a good idea to send SSOfy only the information that is required to be displayed on the login page, such as the user's display name and profile.

The response should be a JSON object containing the user data with the following structure:

{
    "id": "1",
    "hash": "1",
    "display_name": "Test User",
    "name": "Test",
    "picture": "https://...",
    "profile": "https://...",
    "username": "test",
    "email": "...",
    "email_verified": true,
    "phone": "+44...",
    "phone_verified": false,
    "given_name": null,
    "middle_name": null,
    "family_name": null,
    "nickname": null,
    "website": null,
    "gender": null,
    "birthdate": null,
    "address": null,
    "location": null,
    "zoneinfo": null,
    "locale": null,
    "custom_1": null,
    "custom_2": null,
    "custom_3": null,
    "custom_4": null,
    "custom_5": null,
    "custom_6": null,
    "custom_7": null,
    "custom_8": null,
    "custom_9": null,
    "additional": {}
}

💡️ Tip

For a deeper understanding of the structure and optional properties, refer to the schema.

If you need to incorporate additional data to be received and used in your other services, be sure to include it in the additional property.

SSOfy strictly verifies the structure of the response you generate, so properties other than those defined in the schema are not allowed.
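The following added example (not SSOfy's own code) sketches the request handling described above: input validation, the 200 / 204 / 400 status codes, scope-based property filtering, and keeping non-schema data under additional. The scope-to-property mapping, the sample user store, and the handle function are assumptions for illustration; Signature header verification is assumed to happen before this code runs.

```python
# Added example, not SSOfy code. SCOPE_PROPS, USERS and handle() are assumptions.
# Verify the Signature header before calling handle(); that step is not shown.
ALWAYS = ("id", "hash", "display_name", "picture", "profile")  # login-page data
SCOPE_PROPS = {  # assumed scope ids -> schema properties they unlock
    "email": ("email", "email_verified"),
    "phone": ("phone", "phone_verified"),
    "profile": ("name", "username", "given_name", "family_name"),
}
SCHEMA_PROPS = set(ALWAYS) | {p for ps in SCOPE_PROPS.values() for p in ps}
LOOKUP_KEYS = ("id", "username", "email", "phone")

USERS = [{  # constructed sample record; "plan" is not a schema property
    "id": "1", "hash": "1", "display_name": "Test User", "name": "Test",
    "username": "test", "email": "test@example.com", "email_verified": True,
    "phone": "+440000000000", "phone_verified": False, "plan": "pro",
}]

def handle(body):
    """Return (status, payload) using the 200 / 204 / 400 codes from the spec."""
    if not isinstance(body, dict):
        return 400, None
    scopes = body.get("scopes", [])
    keys = [k for k in LOOKUP_KEYS if isinstance(body.get(k), str)]
    if not keys or not isinstance(scopes, list) \
            or not all(isinstance(s, str) for s in scopes):
        return 400, None  # input validation failed
    key = keys[0]
    user = next((u for u in USERS if u.get(key) == body[key]), None)
    if user is None:
        return 204, None  # not found
    if "*" in scopes:
        allowed = SCHEMA_PROPS  # wildcard: other scopes can be ignored
    else:
        allowed = set(ALWAYS).union(*(SCOPE_PROPS.get(s, ()) for s in scopes))
    payload = {k: v for k, v in user.items() if k in allowed}
    # Non-schema data must sit under "additional", never at the top level.
    # Releasing it only for "*" is a choice made in this example.
    extra = {k: v for k, v in user.items() if k not in SCHEMA_PROPS}
    payload["additional"] = extra if "*" in scopes else {}
    return 200, payload
```

With an empty scopes array this returns only id, hash and display_name for the sample user, matching the advice to send just what the login page needs.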

SSOfy is by Cubelet Ltd.
Copyright © 2024 Cubelet Ltd. All rights reserved.