Invoking the UserInfo endpoint
Besides reading information about the authenticated user from the ID token, you can also invoke the UserInfo endpoint with an access token obtained through an OIDC flow.
Let’s try this out by opening the playground application. At this point you may have to send new authentication and token requests, as your SSO session may have expired.
If you’re a quick reader (or you obtained new tokens), then click on 5 – UserInfo. Under UserInfo Request, you will see that the playground application is sending a request to the Keycloak UserInfo endpoint, including the access token in the Authorization header.
The following screenshot from the playground application shows an example UserInfo Request:
Figure 4.11: UserInfo request
Under UserInfo Response you will see the response Keycloak sent. You may notice that this does not have all the additional fields in the ID token, but rather...
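The request and response handling described above, as an added JavaScript example (not code from the playground application or from Keycloak). The endpoint URL, the realm name `myrealm`, the token and the claim values are constructed, and the ID token claims are assumed to have been validated already; the `sub` comparison is the check OpenID Connect Core requires before UserInfo claims are used.

```javascript
// Added example. Endpoint, token and claim values below are constructed samples.

// RFC 6750 b64token syntax: rejects whitespace/CRLF before the value reaches a header.
const B64TOKEN = /^[A-Za-z0-9\-._~+\/]+=*$/;

// Build the UserInfo request; the access token travels in the Authorization header.
function buildUserInfoRequest(userinfoEndpoint, accessToken) {
  if (!B64TOKEN.test(accessToken)) throw new Error("malformed access token");
  const url = new URL(userinfoEndpoint);
  if (url.protocol !== "https:" && url.hostname !== "localhost") {
    throw new Error("UserInfo endpoint must use https outside local testing");
  }
  return {
    url: url.href,
    options: { method: "GET", headers: { Authorization: "Bearer " + accessToken } },
  };
}

// Decide whether a UserInfo response may be used, given the claims of an
// ID token that was already validated (signature, iss, aud, exp).
function acceptUserInfo(idTokenClaims, status, contentType, bodyText) {
  if (status === 401) throw new Error("access token rejected: obtain new tokens");
  if (status !== 200) throw new Error("unexpected status " + status);
  if (!/^application\/json\b/i.test(contentType || "")) {
    // A signed (application/jwt) response needs JWT validation, not JSON.parse.
    throw new Error("unsupported content type: " + contentType);
  }
  const claims = JSON.parse(bodyText);
  // OIDC Core 5.3.2: sub must match the ID token exactly, else discard the response.
  if (typeof claims.sub !== "string" || claims.sub !== idTokenClaims.sub) {
    throw new Error("sub mismatch between ID token and UserInfo response");
  }
  return claims;
}

// Constructed sample data (assumed local Keycloak with a realm named "myrealm").
const SAMPLE_ENDPOINT = "http://localhost:8080/realms/myrealm/protocol/openid-connect/userinfo";
const SAMPLE_ID_CLAIMS = { sub: "11111111-2222-3333-4444-555555555555" };
const SAMPLE_BODY = JSON.stringify({
  sub: "11111111-2222-3333-4444-555555555555",
  preferred_username: "keycloak",
});
const sampleRequest = buildUserInfoRequest(SAMPLE_ENDPOINT, "eyJhbGciOi.sample.token");
const sampleClaims = acceptUserInfo(SAMPLE_ID_CLAIMS, 200, "application/json", SAMPLE_BODY);
console.log(sampleRequest.options.headers.Authorization, sampleClaims.preferred_username);
```

In a real client, take the endpoint from the `userinfo_endpoint` field of the provider's discovery document rather than hard-coding it.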