k7ilSSKJr SSKJr SSKJr SSKJr SSKJr SSK J r SSK J r "S S 5r g ) )Optional)default_json_headers)jwt)AuthorizationServer) OAuth2Request)ResourceProtector)UserInfoc\rSrSrSrSrSS\\S\\4Sjjr S\ 4S jr S\ 4S jr S \ S \4S jrS \ 4SjrSrSrg)UserInfoEndpoint aOpenID Connect Core UserInfo Endpoint. This endpoint returns information about a given user, as a JSON payload or as a JWT. It must be subclassed and a few methods needs to be manually implemented:: class UserInfoEndpoint(oidc.core.UserInfoEndpoint): def get_issuer(self): return "https://auth.example" def generate_user_info(self, user, scope): return UserInfo( sub=user.id, name=user.name, ... ).filter(scope) def resolve_private_key(self): return server_private_jwk_set() It is also needed to pass a :class:`~authlib.oauth2.rfc6749.ResourceProtector` instance with a registered :class:`~authlib.oauth2.rfc6749.TokenValidator` at initialization, so the access to the endpoint can be restricter to valid token bearers:: resource_protector = ResourceProtector() resource_protector.register_token_validator(BearerTokenValidator()) server.register_endpoint( UserInfoEndpoint(resource_protector=resource_protector) ) And then you can plug the endpoint to your application:: @app.route("/oauth/userinfo", methods=["GET", "POST"]) def userinfo(): return server.create_endpoint_response("userinfo") userinfoNserverresource_protectorcXlX lgN)rr)selfrrs T/home/james-whalen/.local/lib/python3.13/site-packages/authlib/oidc/core/userinfo.py__init__UserInfoEndpoint.__init__4s  "4requestc8URRU5$r)rcreate_oauth2_request)rrs rcreate_endpoint_request(UserInfoEndpoint.create_endpoint_request<s{{0099rcURRS5nUR5nUR5nUR XBR 5nUR RS5=n(aOUR5US'URUS'[R"SU0XPR55nSUS/4$SU[4$)Nopeniduserinfo_signed_response_algissaudalg)z Content-Typezapplication/jwt)r acquire_token get_clientget_usergenerate_user_infoscopeclient_metadataget get_issuer client_idrencoderesolve_private_keyr)rrtokenclientuser user_infor"datas r__call__UserInfoEndpoint.__call__?s''55h?!!#~~++D++> ((,,-KL L3 L $0Ie %//Ie ::uclI7O7O7QRDBCC CI333rr(returnc[5e)af Generate a :class:`~authlib.oidc.core.UserInfo` object for an user:: def generate_user_info(self, user, scope: str) -> UserInfo: return UserInfo( given_name=user.given_name, family_name=user.last_name, email=user.email, ... ).filter(scope) This method must be implemented by developers. NotImplementedError)rr1r(s rr'#UserInfoEndpoint.generate_user_infoRs "##rc[5e)aThe OP's Issuer Identifier URL. The value is used to fill the ``iss`` claim that is mandatory in signed userinfo:: def get_issuer(self) -> str: return "https://auth.example" This method must be implemented by developers to support JWT userinfo. r8rs rr+UserInfoEndpoint.get_issuerbs "##rcg)zReturn the server JSON Web Key Set. This is used to sign userinfo payloads:: def resolve_private_key(self): return server_private_jwk_set() This method must be implemented by developers to support JWT userinfo signing. Nr<s rr.$UserInfoEndpoint.resolve_private_keynsr)rr)NN)__name__ __module__ __qualname____firstlineno____doc__ ENDPOINT_NAMErrrrrrr4strr r'r+r.__static_attributes__r?rrr r sv#JM15:>5,-5%%675:}:4 4&$c$h$ $C $ rr N)typingrauthlib.constsr authlib.joser+authlib.oauth2.rfc6749.authorization_serverrr)authlib.oauth2.rfc6749.resource_protectorrclaimsr r r?rrrOs&/KEGllr