Feide has deprecated the Legacy OAuth Userinfo Endpoint described at: https://docs.feide.no/reference/apis/deprecated/legacy_userinfo.html
This endpoint is part of their old OAuth 2.0 API and is no longer recommended for integration. The legacy /oauth/userinfo endpoint will be shut down in the future, and Feide strongly advises migrating to the OpenID Connect (OIDC) UserInfo endpoint.
Impact:
Our current integration still calls this legacy endpoint to retrieve authenticated user profile data. Continued use poses the following risks:
- Future breakage: Once Feide removes support, authentication-dependent features will fail.
- Security concerns: The legacy implementation does not align with current OAuth 2.0 and OIDC best practices.
- Maintenance burden: Using outdated APIs increases technical debt.
Required Changes:
- Identify all code locations where the legacy endpoint is used.
- Replace calls to the legacy endpoint with requests to the OIDC-compliant
userinfo endpoint.
- Update authentication scopes to match OIDC requirements.
- Test the new flow to ensure user attributes are retrieved as expected.
- Remove any code paths relying on legacy OAuth-only attributes.
References:
Acceptance Criteria:
Feide has deprecated the Legacy OAuth Userinfo Endpoint described at: https://docs.feide.no/reference/apis/deprecated/legacy_userinfo.html
This endpoint is part of their old OAuth 2.0 API and is no longer recommended for integration. The legacy
/oauth/userinfoendpoint will be shut down in the future, and Feide strongly advises migrating to the OpenID Connect (OIDC) UserInfo endpoint.Impact:
Our current integration still calls this legacy endpoint to retrieve authenticated user profile data. Continued use poses the following risks:
Required Changes:
userinfoendpoint.References:
Acceptance Criteria:
/oauth/userinfoendpoint are removed./userinfoendpoint.