> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dados.rio/llms.txt
> Use this file to discover all available pages before exploring further.

# Get user by CPF

> Retrieve detailed information about a user by their CPF (Brazilian tax ID).

**User Identification**: Users are identified by their CPF (Cadastro de Pessoa Física),
which is extracted from the `preferred_username` field in Keycloak JWT tokens.

**Authorization**: All authenticated users can retrieve user information.

**Auto-Creation**: Users are automatically created when they first authenticate with a valid JWT token.

**Role Aggregation**: The response includes both direct roles assigned to the user and
roles inherited through group memberships.

**Use Cases**:
- User profile display in applications
- Administrative user management
- Role and permission verification
- Group membership tracking
- Integration with external systems requiring user data



## OpenAPI

````yaml https://raw.githubusercontent.com/prefeitura-rio/heimdall/main/docs/api/openapi.json get /api/v1/users/{cpf}
openapi: 3.1.0
info:
  title: Heimdall Admin Service
  description: >-
    # Heimdall Admin Service API


    A comprehensive admin service for user and group management with
    authorization powered by Cerbos.


    ## Features


    - **User Management**: Automatic user creation from JWT tokens with
    role-based access control

    - **Group Management**: Create, manage, and assign users to groups with
    hierarchical permissions

    - **Role Management**: Define and assign roles to users and groups

    - **Mapping Management**: Configure API endpoint to action mappings for
    authorization

    - **Action Management**: Define available actions for fine-grained
    permission control

    - **Cerbos Integration**: Policy-based authorization with external Cerbos
    service

    - **Audit Logging**: Comprehensive audit trail for all administrative
    operations

    - **Redis Caching**: High-performance caching for frequently accessed data
  version: 1.0.0
servers:
  - url: https://services.pref.rio/heimdall-admin
    description: Production server
  - url: https://services.staging.app.dados.rio/heimdall-admin
    description: Staging server
security: []
tags:
  - name: health
    description: Service health and readiness checks
  - name: users
    description: >-
      User management operations. Users are automatically created from JWT
      tokens.
  - name: groups
    description: >-
      Group management operations. Groups organize users and can have roles
      assigned.
  - name: memberships
    description: Group membership management. Assign and remove users from groups.
  - name: roles
    description: >-
      Role management operations. Roles define permissions that can be assigned
      to users or groups.
  - name: actions
    description: >-
      Action management operations. Actions define the granular permissions
      available in the system.
  - name: mappings
    description: >-
      API endpoint to action mapping configuration. Maps HTTP endpoints to
      authorization actions.
paths:
  /api/v1/users/{cpf}:
    get:
      tags:
        - users
      summary: Get user by CPF
      description: >-
        Retrieve detailed information about a user by their CPF (Brazilian tax
        ID).


        **User Identification**: Users are identified by their CPF (Cadastro de
        Pessoa Física),

        which is extracted from the `preferred_username` field in Keycloak JWT
        tokens.


        **Authorization**: All authenticated users can retrieve user
        information.


        **Auto-Creation**: Users are automatically created when they first
        authenticate with a valid JWT token.


        **Role Aggregation**: The response includes both direct roles assigned
        to the user and

        roles inherited through group memberships.


        **Use Cases**:

        - User profile display in applications

        - Administrative user management

        - Role and permission verification

        - Group membership tracking

        - Integration with external systems requiring user data
      operationId: get_user_by_cpf_api_v1_users__cpf__get
      parameters:
        - name: cpf
          in: path
          required: true
          schema:
            type: string
            title: Cpf
      responses:
        '200':
          description: User information retrieved successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UserResponse'
              example:
                id: 1
                cpf: '12345678901'
                display_name: João Silva
                groups:
                  - engineering_team:backend
                  - data_analysts:read
                roles:
                  - superadmin
                  - data-analyst
        '401':
          description: Unauthorized - Invalid or missing JWT token
          content:
            application/json:
              example:
                detail: Could not validate credentials
        '404':
          description: User not found - CPF does not exist in the system
          content:
            application/json:
              example:
                detail: User with CPF '12345678901' not found
        '422':
          description: Validation error - Invalid CPF format
          content:
            application/json:
              example:
                detail: Validation error
                errors:
                  - loc:
                      - path
                      - cpf
                    msg: string does not match regex
                    type: value_error.regex
        '500':
          description: Internal server error
          content:
            application/json:
              example:
                detail: An unexpected error occurred while retrieving user information
      security:
        - HTTPBearer: []
components:
  schemas:
    UserResponse:
      properties:
        id:
          type: integer
          title: Id
          description: Unique identifier for the user
          example: 1
        cpf:
          type: string
          pattern: ^[0-9]{11}$
          title: Cpf
          description: User's CPF (Cadastro de Pessoa Física) - Brazilian tax ID
          example: '12345678901'
        display_name:
          anyOf:
            - type: string
            - type: 'null'
          title: Display Name
          description: User's display name from JWT token (name, given_name, or email)
          example: João Silva
        groups:
          items:
            type: string
          type: array
          title: Groups
          description: List of groups the user belongs to
          example:
            - engineering_team:backend
            - data_analysts:read
        roles:
          items:
            type: string
          type: array
          title: Roles
          description: List of roles assigned to the user (both direct and through groups)
          example:
            - superadmin
            - data-analyst
      type: object
      required:
        - id
        - cpf
      title: UserResponse
      description: Response model for user information.
      example:
        cpf: '12345678901'
        display_name: João Silva
        groups:
          - engineering_team:backend
          - data_analysts:read
        id: 1
        roles:
          - superadmin
          - data-analyst
  securitySchemes:
    HTTPBearer:
      type: http
      scheme: bearer

````