Skip to main content
Qlik Connect 2024! Seize endless possibilities! LEARN MORE

Qlik Sense OIDC: How to check user information from the userinfo endpoint manually

No ratings
Showing results for 
Search instead for 
Did you mean: 

Qlik Sense OIDC: How to check user information from the userinfo endpoint manually

Last Update:

May 10, 2022 1:34:28 PM

Updated By:


Created date:

Feb 4, 2022 5:28:44 AM

This article explains how to request an access token manually from your Identity provider token endpoint and verify user information from the /userinfo endpoint.


Qlik Cloud (Except for "ADFS" and "Azure" Identity provider types - see here instead)


First of all, for testing purposes, add the URL "https://test/login/callback" used in this script in your Identity Provider (IdP) allowed redirect URIs. The reason we are doing this is because we want to request the token manually to check the userinfo endpoint content and not have it getting automatically processed by Qlik Sense.

  1. Run the below PowerShell script to get your authorization URL. Variables authorization_endpoint, client_id, and scope need to be updated to match your IdP, those information can be found from the /.well-known/openid-configuration endpoint.
    $authorization_endpoint = ''
    $client_id = '3fgfdd23thuymwsiEANFd7'
    $redirect_uri = [System.Web.HTTPUtility]::UrlEncode("https://test/login/callback")
    $scope = 'openid%20profile%20email'
    #Paste this URL in your browser to get back the authorization code
  2. Paste the URL output from the script in your browser and log in to your Identity provider, the URL should look like this:

    After the authentication is completed, you will be redirected to https://test/login/callback with an authorization code in the URL, copy the authorization code that we will use in the next step.

    Copy the value between code= and the next & sign. (The length of the authorization code may vary depending on the IdP)


  3.  Request the access token from the token_endpoint URL (also found from the /.well-known/openid-configuration endpoint)
    $client_id = '3fgfdd23thuymwsiEANFd7'
    $redirect_uri = [System.Web.HTTPUtility]::UrlEncode("https://test/login/callback")
    $client_secret = '4Z45jlfsjf12l3231ljfsflsjfsdlriueiot3ucxh'
    $token_endpoint = ''
    #Put your authorization code here
    $auth_code = 'mq5iHdLyBSZkpFubWJC2v3hVptrYT2j9VeQ6QpgED_s'
    $pair = "$($client_id):$($client_secret)"
    $encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
    $basicAuthValue = "Basic $encodedCreds"
    $hdrs = @{}
    $body = 'code='+$auth_code+'&grant_type=authorization_code&redirect_uri='+$redirect_uri+'&code_verifier='+$code_verifier
    $response = Invoke-WebRequest -Uri $token_endpoint -Method Post -Body $body -Headers $hdrs -ContentType 'application/x-www-form-urlencoded'
    echo $response.Content​ > C:\temp\okta-accesstoken.txt
  4. Copy the value in "access_token" from the request response in order to use it for the next request.
  5. Request the user information from the userinfo_endpoint (also found from the /.well-known/openid-configuration endpoint) using the access token:
    #Fill in userinfo endpoint URL here
    $userinfo_endpoint = ''
    #Fill in your access token here
    $accesstoken = "Bearer eyJraWQiOiJoVUIzX1N0WUMtdkh..._oOtPSAHF7qSPITfjd3l9V6JykndcxPlmPg"
    $hdrs = @{}
    $response = Invoke-WebRequest -Uri $userinfo_endpoint -Method Get -Headers $hdrs
    echo $response.Content​

    You can confirm if the expected claims are included in the user info endpoint or not.
Labels (1)
Version history
Last update:
‎2022-05-10 01:34 PM
Updated by: