Auth: Add userinfo API endpoint to get information about the logged in user #2134

New issue

Open

opened 2026-02-20 01:06:51 -05:00 by deekerman · 2 comments

deekerman commented 2026-02-20 01:06:51 -05:00

Owner

Copy link

Originally created by @lastzero on GitHub (Jul 3, 2024).

Performing an authenticated request to GET /api/v1/oauth/userinfo should return information about the logged in user:

• https://github.com/photoprism/photoprism/blob/develop/internal/api/oauth_userinfo.go

(1) Since we are using the (OpenID Foundation certified) github.com/zitadel/oidc library for the recently released OIDC client implementation, the authorize and userinfo API endpoints should also be based on it (as much as possible):

• https://github.com/photoprism/photoprism/tree/develop/internal/auth/oidc
• github.com/zitadel/oidc@7b8be4387a/pkg/op/userinfo.go (L26-L48)

(2) Based on this (a) allowing authentication and authorization with our own auth/session tokens (so existing clients can use the endpoint) and (b) setting the Userinfo values from the User entity seems to be pretty much all that is needed.

(3) In addition, all pull requests should include unit tests - at least for the core functionality - to ensure that the changes work as expected: https://docs.photoprism.app/developer-guide/pull-requests/#acceptance-criteria

---

Documentation:

• https://docs.photoprism.app/developer-guide/api/#openid-configuration
• https://docs.photoprism.app/developer-guide/api/oidc/#service-discovery
• https://docs.photoprism.app/developer-guide/api/oauth2/

Protocol References:

• https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
• https://www.oauth.com/oauth2-servers/openid-connect/id-tokens/

Related Issues:

• https://github.com/photoprism/photoprism/issues/4368
• https://github.com/photoprism/photoprism/issues/782
• https://github.com/photoprism/photoprism/issues/3943

Originally created by @lastzero on GitHub (Jul 3, 2024). Performing an authenticated request to `GET /api/v1/oauth/userinfo` should return information about the logged in user: - https://github.com/photoprism/photoprism/blob/develop/internal/api/oauth_userinfo.go **(1)** Since we are using the (OpenID Foundation certified) [`github.com/zitadel/oidc`](https://github.com/zitadel/oidc) library for the [recently released OIDC client](https://docs.photoprism.app/developer-guide/api/oidc/) implementation, the [`authorize`](https://github.com/photoprism/photoprism/issues/4368) and `userinfo` API endpoints should also be based on it (as much as possible): - https://github.com/photoprism/photoprism/tree/develop/internal/auth/oidc - https://github.com/zitadel/oidc/blob/7b8be4387a20a2ceeb5dfd7a229f308e1a6e01ba/pkg/op/userinfo.go#L26-L48 **(2)** Based on this (a) allowing authentication and authorization with our [own auth/session tokens](https://github.com/photoprism/photoprism/blob/develop/internal/api/api_auth.go) (so existing clients can use the endpoint) and (b) setting the [Userinfo](https://github.com/zitadel/oidc/blob/main/pkg/oidc/userinfo.go) values from the [User](https://github.com/photoprism/photoprism/blob/develop/internal/entity/auth_user.go) entity seems to be pretty much all that is needed. **(3)** In addition, all pull requests should [include unit tests](https://docs.photoprism.app/developer-guide/code-quality/#test-automation-guidelines) - at least for the core functionality - to ensure that the changes work as expected: https://docs.photoprism.app/developer-guide/pull-requests/#acceptance-criteria --- Documentation: - https://docs.photoprism.app/developer-guide/api/#openid-configuration - https://docs.photoprism.app/developer-guide/api/oidc/#service-discovery - https://docs.photoprism.app/developer-guide/api/oauth2/ Protocol References: - https://openid.net/specs/openid-connect-core-1_0.html#UserInfo - https://www.oauth.com/oauth2-servers/openid-connect/id-tokens/ Related Issues: - https://github.com/photoprism/photoprism/issues/4368 - https://github.com/photoprism/photoprism/issues/782 - https://github.com/photoprism/photoprism/issues/3943

deekerman added the

enhancement

help wanted

api

security

auth

labels 2026-02-20 01:06:51 -05:00

deekerman commented 2026-02-20 01:06:52 -05:00

Author

Owner

Copy link

@andiz2 commented on GitHub (Jul 13, 2024):

Hi friends! I can take care of this endpoint too :).
Would be so much fun.

@andiz2 commented on GitHub (Jul 13, 2024): Hi friends! I can take care of this endpoint too :). Would be so much fun.

deekerman commented 2026-02-20 01:06:52 -05:00

Author

Owner

Copy link

@lastzero commented on GitHub (Jul 13, 2024):

@andiz2 Awesome, thank you very much! I've updated the issue description and added the most important acceptance criteria as well as links to the code and library we're using. I'll be happy to help if you have any questions or would like to join our contributors chat.

@lastzero commented on GitHub (Jul 13, 2024): @andiz2 Awesome, thank you very much! I've updated the issue description and added the most important acceptance criteria as well as links to the code and library we're using. I'll be [happy to help](https://www.photoprism.app/contact) if you have any questions or would like to join our contributors chat.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

preview

feature/eslint-workspace-setup

web-ui-settings

main

feature/postgresql

update-install-ffmpeg

manually-mark-faces

release

fix-chip-selector

feature/batch-edit

fix-location-dialog

fix-person-add

albums-multi-select-add

convert-vitest

arch/armv7

scratch/frontend

feature/pkg-vector

feature/Add-Toggle-to-Flag-Unflag-Pictures-as-Favorites-#4700

feature/add-a-Button-to-Open-the-Edit-Dialog-#4701

snyk-fix-a18f3b867b474d01546caa6b2ffb4e33

snyk-fix-9052b9d9f65ff54a352cb1daabdcefec

snyk-fix-05e780c8a2fcb550559875e0344f1151

snyk-fix-696fe57b8a4621885956822debda650c

snyk-fix-4aae5f1839c69bfa8bd6b604b0e44fb8

snyk-fix-9afbb533ba192334eee7b4fe3aeefa9b

snyk-fix-da5002d9fa0172fa58a98b00c749e3ed

snyk-fix-c69dc41f471531e77ce9ddff82b5351f

feature/video-player

snyk-fix-85d266a32f306697f98ee5ea793e57e3

snyk-fix-5b0185163b112042eafc9a11985eb592

l10n/frontend

l10n/backend

feature/oidc-v2

acceptance-tests

feature/people

1151-apple-photos-xmp

translate

feature/filebrowser

feature/sharing

feature/246

feature/slideshow

upgrade/vuetify2

251130-b3068414c

250707-d28b3101e

250426-27ec7a128

250425-21ddba459

250321-57590c48b

250228-43447fa38

250224-834c16bc7

250223-b79d21907

240915-e1280b2fb

240711-2197af848

240531-60b3a4628

240528-977d6c0de

240523-923ee0cf7

240420-ef5f14bc4

231128-f48ff16ef

231021-9abea5b55

231011-63f708417

230923-e59851350

230719-73fa7bbe8

230625-17242fb07

230615-90a18f6e7

230607-9e086c7eb

230603-378d4746a

230513-0b780defb

230506-9de9a3540

230504-cbf48798c

230502-c405f6eff

221118-e58fee0fb

221117-3268c4de8

221116-122ebfb70

221105-7a295cab4

221104-20d180b21

221103-211eb36ea

221102-905925b4d

220901-f493607b0

220730-0e1222c83

220728-729ddd920

220629-5d7448d2

220617-0402b8d3

220614-dea9ff68

220528-efb5d710

220527-005770ca

220524-c76de0df

220517-b9c68f8f

220302-0059f429

220121-2b4c8e1f

220118-76c94a1f

220107-f5b7ef83

211215-93b26f19

211210-2cb90e7e

211203-fdb6b5e1

211130-13cfcf6d

211128-7e8974fd

211127-86c43159

211018-e200f322

211010-83b4f783

211009-d6cc8df5

211007-8f55d6f8

211002-bf015326

210925-96168e4b

210523-b1856b9d

210520-4b32bac7

210519-24b5c7e6

210518-80981c25

210505-d3e53a89

210426-da6e948f

210422-97e75b04

210222-ac5a9d5e

210217-49039368

210216-4939e36a

210211-b9595dd4

210208-9e10ba69

210128-a82061e0

210121-07e559df

210120-e7cd5e9a

210119-a5399f06

210111-cc05c430

210104-7f9e806a

210102-af71e5f7

Labels

Clear labels   

ai

  

android

  

api

  

auth

  

awesome

  

bug

  

bug

  

ci

  

cli

  

config

  

database

  

declined

  

deprecated

  

docker

  

docs 📚

  

documents

  

duplicate

  

easy

  

enhancement

  

enhancement

  

enhancement

  

epic

  

faces

  

feedback wanted

  

frontend

  

hacktoberfest

  

help wanted

  

idea

  

in-progress

  

incomplete

  

index

  

invalid

  

ios

  

labels

  

live

  

live

  

low-priority

  

macos

  

member-feature

  

metadata

  

mobile

  

nas

  

needs-analysis

  

no-coding-required

  

no-coding-required

  

observability

  

performance

  

places

  

please-test

  

plus-feature

  

priority

  

pro-feature

  

question

  

raspberry-pi

  

raw

  

released

  

released

  

released

  

research

  

resolved

  

security

  

sharing

  

tested

  

tests

  

third-party-issue

  

thumbnails

  

upgrade

  

upstream-issue

  

ux

  

vector

  

video

  

waiting

  

won't fix

  

won't fix

No labels

ai

android

api

auth

awesome

bug

bug

ci

cli

config

database

declined

deprecated

docker

docs 📚

documents

duplicate

easy

enhancement

enhancement

enhancement

epic

faces

feedback wanted

frontend

hacktoberfest

help wanted

idea

in-progress

incomplete

index

invalid

ios

labels

live

live

low-priority

macos

member-feature

metadata

mobile

nas

needs-analysis

no-coding-required

no-coding-required

observability

performance

places

please-test

plus-feature

priority

pro-feature

question

raspberry-pi

raw

released

released

released

research

resolved

security

sharing

tested

tests

third-party-issue

thumbnails

upgrade

upstream-issue

ux

vector

video

waiting

won't fix

won't fix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/photoprism#2134

No description provided.