Client Access Resource - nov/openid_connect GitHub Wiki

Use Rack::OAuth2 gem

Once you got an access token, how to use it is out of openid_connect gem's scope.

access_token = Rack::OAuth2::AccessToken::Bearer.new(
  access_token: 'a105a71a4071f7faa3b...'
)
access_token.get 'https://resource.server.example.com/me/feed'

UserInfo API

OpenIDConnect::AccessToken extends Rack::OAuth2::AccessToken::Bearer for better UserInfo API access. Instead, it requires client attribute when initializing.

client = OpenIDConnect::Client.new(
  identifier:'client_id',
  userinfo_endpoint: 'https://resource.server.example.com/userinfo'
)
access_token = OpenIDConnect::AccessToken.new(
  access_token: 'access_token',
  client: client
)
userinfo = access_token.userinfo! # => OpenIDConnect::ResponseObject::UserInfo instance

Since UserInfo API is one of OAuth2 protected resources, you can simply use rack-oauth2 gem for the API access. In that case, it'll returns a JSON object (Hash in Ruby), instead of OpenIDConnect::ResponseObject::UserInfo instance. Choose whichever you prefer.