The OpenID Connect standard defines two methods for retrieving user characteristics as claims: through the userinfo endpoint, or through the claims request parameter.

The userinfo method is the most commonly used method and is supported by all certified libraries. The userinfo endpoint acts as an OAuth2 resource server: the client uses the access_token obtained after a successful login flow to authenticate against the userinfo endpoint and retrieve the user claims as a JSON document.

You can use our playground application to check how this works. For testing purposes you can use one of our test IdPs. The playground application shows how the client creates the request, and what the userinfo endpoint returns.

Alternatively, when the client uses the claims request parameter, the claims are included in the id_token. SURFconext also supports this method because some client implementations expect this behaviour.
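Both methods described above, from the client's side, as an added example (not SURFconext's or the playground's own code): it builds an authorization request carrying the claims parameter, builds the Bearer-authenticated userinfo request, and accepts a userinfo response only when its `sub` matches the `sub` of the id_token, as OpenID Connect Core requires. The endpoint URLs, function names and sample values are placeholders and assumptions.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request

# Placeholder endpoints (assumption): take the real ones from your provider's discovery document.
AUTHORIZE_URL = "https://op.example.org/authorize"
USERINFO_URL = "https://op.example.org/userinfo"


def build_authorization_url(client_id, redirect_uri, state, nonce, id_token_claims):
    """Authorization request that asks for claims inside the id_token.

    The `claims` parameter is a JSON object. A value of None (JSON null)
    requests the claim with default handling; {"essential": True} marks it
    as required by the client.
    """
    params = {
        "response_type": "code",
        "scope": "openid",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "nonce": nonce,
        "claims": json.dumps({"id_token": dict(id_token_claims)}, separators=(",", ":")),
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def build_userinfo_request(access_token):
    """Userinfo is an OAuth2 protected resource: send the access token as a Bearer token."""
    headers = {"Authorization": "Bearer " + access_token, "Accept": "application/json"}
    return Request(USERINFO_URL, headers=headers)


def accept_userinfo(userinfo_body, id_token_sub):
    """Parse the userinfo JSON and reject it unless `sub` matches the id_token's `sub`.

    Without this comparison, a response fetched with a different user's access
    token could be attributed to the user who just logged in.
    """
    claims = json.loads(userinfo_body)
    if not isinstance(claims, dict) or claims.get("sub") != id_token_sub:
        raise ValueError("userinfo 'sub' does not match id_token 'sub'")
    return claims
```

Pass the `Request` object to `urllib.request.urlopen` over HTTPS to perform the call; `id_token_sub` must come from an id_token whose signature, issuer, audience and nonce have already been validated.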

OpenID Connect or SAML?