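/**
 * Resolves the user's identity by calling the OIDC provider's UserInfo endpoint with the given
 * bearer access token and reading the configured identifying claim from the returned claims.
 *
 * @param bearerAccessToken the access token presented to the UserInfo endpoint
 * @return the non-blank value of the claim named by {@code properties.getOidcClaimIdentifyingUser()}
 * @throws IOException if the HTTP exchange with the UserInfo endpoint fails
 * @throws IllegalStateException if the response carries no usable claims or the identifying claim is blank
 * @throws RuntimeException if the endpoint returns an error response or the response cannot be parsed
 */
private String lookupIdentityInUserInfo(final BearerAccessToken bearerAccessToken) throws IOException {
    try {
        // build the user request and apply the configured timeouts to it
        final UserInfoRequest request = new UserInfoRequest(oidcProviderMetadata.getUserInfoEndpointURI(), bearerAccessToken);
        final HTTPRequest userInfoHttpRequest = request.toHTTPRequest();
        userInfoHttpRequest.setConnectTimeout(oidcConnectTimeout);
        userInfoHttpRequest.setReadTimeout(oidcReadTimeout);

        // send the instance the timeouts were set on; calling request.toHTTPRequest() again here
        // would send a separate request object that never received them, leaving the call unbounded
        final UserInfoResponse response = UserInfoResponse.parse(userInfoHttpRequest.send());

        // interpret the details
        if (!response.indicatesSuccess()) {
            final UserInfoErrorResponse errorResponse = (UserInfoErrorResponse) response;
            throw new RuntimeException("An error occurred while invoking the UserInfo endpoint: " + errorResponse.getErrorObject().getDescription());
        }

        final UserInfoSuccessResponse successResponse = (UserInfoSuccessResponse) response;

        // the provider may answer with plain JSON claims or with a JWT; accept either form
        final JWTClaimsSet claimsSet;
        if (successResponse.getUserInfo() != null) {
            claimsSet = successResponse.getUserInfo().toJWTClaimsSet();
        } else if (successResponse.getUserInfoJWT() != null) {
            claimsSet = successResponse.getUserInfoJWT().getJWTClaimsSet();
        } else {
            throw new IllegalStateException("The UserInfo response contained neither a claims set nor a JWT.");
        }

        final String identity = claimsSet.getStringClaim(properties.getOidcClaimIdentifyingUser());

        // ensure we were able to get the user's identity
        if (StringUtils.isBlank(identity)) {
            throw new IllegalStateException("Unable to extract identity from the UserInfo token using the claim '" +
                    properties.getOidcClaimIdentifyingUser() + "'.");
        }
        return identity;
    } catch (final ParseException | java.text.ParseException e) {
        // keep the original exception as the cause so the parse failure remains diagnosable
        throw new RuntimeException("Unable to parse the response from the UserInfo token request: " + e.getMessage(), e);
    }
}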
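/**
 * Fetches the user's claims from the OIDC UserInfo endpoint derived from {@code discoveryUrl}.
 *
 * <p>NOTE(review): no connect/read timeout is applied to this request — confirm whether the
 * surrounding class configures one elsewhere, otherwise the call can block indefinitely.
 *
 * @param accessToken the raw access token value sent as a bearer token
 * @return the returned {@link UserInfo}, or empty when the endpoint reports an error or the
 *         success response carries no plain claims object (for example a JWT-only response)
 * @throws IOException if the HTTP exchange fails
 * @throws ParseException if the response cannot be parsed
 */
public Optional<UserInfo> getUserInfo(String accessToken) throws IOException, ParseException {
    final URI userInfoUri = fromUri(getUserInfUrl(discoveryUrl)).build();
    final UserInfoRequest userInfoRequest = new UserInfoRequest(userInfoUri, new BearerAccessToken(accessToken));
    final UserInfoResponse userInfoResponse = UserInfoResponse.parse(userInfoRequest.toHTTPRequest().send());

    if (!userInfoResponse.indicatesSuccess()) {
        LOG.warn("User info request failed: {}", userInfoResponse.toErrorResponse().getErrorObject());
        return Optional.empty();
    }

    // getUserInfo() is absent when the provider answers with a JWT instead of plain claims;
    // ofNullable avoids the NullPointerException that Optional.of would raise in that case
    return Optional.ofNullable(userInfoResponse.toSuccessResponse().getUserInfo());
}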