---
title: Extracting user information when an OIDC plugin is installed
description: Extract user attributes from JavaScript Object Notation (JSON) web tokens (JWT) when an OpenID Connect (OIDC) plugin is installed in the Kong Gateway.
component: pingintelligence
version: 5.2
page_id: pingintelligence:pingintelligence_integrations:pingintelligence_kong_extract_user_attributes_oidc
canonical_url: https://docs.pingidentity.com/pingintelligence/5.2/pingintelligence_integrations/pingintelligence_kong_extract_user_attributes_oidc.html
revdate: April 3, 2024
section_ids:
  about-this-task: About this task
  steps: Steps
  result: Result:
  example: Example:
  next-steps: Next steps
---

# Extracting user information when an OIDC plugin is installed

Extract user attributes from JavaScript Object Notation (JSON) *(tooltip: \<div class="paragraph">
\<p>An open, lightweight data-interchange format that uses human-readable text to store and transmit data.\</p>
\</div>)* web tokens (JWT) when an OpenID Connect (OIDC) *(tooltip: \<div class="paragraph">
\<p>An authentication protocol built on top of OAuth that authenticates users and enables clients (relying parties) of all types to request and receive information about authenticated sessions and users. OIDC is extensible, allowing clients to use optional features such as encryption of identity data, discovery of OpenID Providers (OAuth authorization servers), and session management.\</p>
\</div>)* plugin is installed in the Kong Gateway.

## About this task

To extract user attributes:

## Steps

1. Capture the header value assigned to the `upstream_introspection_header` parameter in the OIDC plugin configuration.

2. Assign the header value to the `location` key in the `jwt` object of the API JSON file.

   ### Result:

   API Security Enforcer (ASE) will extract the user information from the JWT.

3. If `upstream_introspection_header` is not configured in the OIDC plugin, then complete the following configuration and assign `x_introspection` to the `location` key in the `jwt` object of the API JSON file:

   ```
   http patch  :8001/plugins/$PLUGIN_ID config:=@patch.json
   cat patch.json
   {
     "upstream_introspection_header":  "x_introspection"
   }
   ```

   ### Example:

   The following is a snippet of JWT object from a sample API JSON file:

   ```
   "jwt": {
    "location": "h:x_introspection",
   "username": "username",
   "clientid": "client_id"
   }
   ```

## Next steps

For more information on configuring the API JSON file, see [Defining an API using API JSON configuration file in sideband mode](../pingintelligence_reference_guide/pingintelligence_define_api_json_file_sideband.html).