diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 6596cf334fd2e80e1ef7919db970aaba6e401944..77d8dd5f7ff29f9b9e3c4d1a6336afc3b24897a9 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -142,6 +142,7 @@ behave-integration:
     BASE_URL: "http://172.17.0.5:4444"
     ACCESS_TOKEN_URL: "http://172.17.0.5:4444/oauth2/token"
     AUTHORIZE_URL: "http://172.17.0.5:4444/oauth2/auth"
+    USERINFO_URL: "http://172.17.0.5:4444/userinfo"
     GRAPHQL_URL: "http://172.17.0.6:5000/graphql" # 172.17.0.6 -> backend
     GIT_SUBMODULE_STRATEGY: "recursive"
     TESTUSER_USERNAME: "testuser"
@@ -173,7 +174,7 @@ behave-integration:
     - /bin/sh user-panel/utils/grant-access.sh ${TESTUSER_USERNAME} ${KEY} backend 5000
     - /bin/sh test/create-hydra-client.sh ${KEY} ${SECRET} hydra 4445 http://oauth:5000/callback
     - cd test/login_logout/test/behave/
-    - python3 -m behave -D headless=True -D url=http://oauth:5000 -D logout_url=http://oauth:5000/logout -D username=${TESTUSER_USERNAME} -D username2=${TESTUSER_USERNAME2} -D password=${TESTUSER_PASSWORD}
+    - python3 -m behave -D headless=True -D url=http://oauth:5000 -D logout_url=http://oauth:5000/logout -D userinfo_url=http://oauth:5000/userinfo -D username=${TESTUSER_USERNAME} -D username2=${TESTUSER_USERNAME2} -D password=${TESTUSER_PASSWORD}
   artifacts:
     paths:
       - test/login_logout/test/behave/screenshots/
diff --git a/test/create-hydra-client.sh b/test/create-hydra-client.sh
index 363aec8eb2bef871fd773867f04906e6e2ad253f..569ebcf703fd0769f1a5ba7ea8eac2f668ee4939 100644
--- a/test/create-hydra-client.sh
+++ b/test/create-hydra-client.sh
@@ -8,5 +8,5 @@ REDIRECT_URI=$5
 
 curl --header "Content-Type: application/json" \
     --request POST \
-    --data "{\"client_id\": \"$KEY\", \"client_name\": \"$KEY\", \"client_secret\": \"$SECRET\", \"redirect_uris\": [\"$REDIRECT_URI\"], \"scope\": \"read\", \"grant-types\": \"authorization_code,refresh_token\", \"response_types\": [\"code\"], \"token_endpoint_auth_method\": \"client_secret_post\"}" \
+    --data "{\"client_id\": \"$KEY\", \"client_name\": \"$KEY\", \"client_secret\": \"$SECRET\", \"redirect_uris\": [\"$REDIRECT_URI\"], \"scope\": \"openid profile email\", \"grant-types\": \"authorization_code,refresh_token\", \"response_types\": [\"code\"], \"token_endpoint_auth_method\": \"client_secret_post\"}" \
     http://$HOST:$PORT/clients
diff --git a/test/login_logout/app.py b/test/login_logout/app.py
index 87420ec91fa094582a7abdc924b3d253cefb7331..929af86a2152bd4d86fc3bfbc897505581c7ad05 100644
--- a/test/login_logout/app.py
+++ b/test/login_logout/app.py
@@ -10,6 +10,7 @@ BASE_URL=environ["BASE_URL"]
 ACCESS_TOKEN_URL=environ["ACCESS_TOKEN_URL"]
 LOGOUT_URL=environ["LOGOUT_URL"]
 AUTHORIZE_URL=environ["AUTHORIZE_URL"]
+USERINFO_URL=environ["USERINFO_URL"]
 KEY=environ["KEY"]
 SECRET=environ["SECRET"]
 
@@ -25,7 +26,7 @@ sso = oauth.remote_app(
     access_token_url=ACCESS_TOKEN_URL,
     authorize_url=AUTHORIZE_URL,
     consumer_key=KEY,
-    request_token_params={'state': lambda: security.gen_salt(10), "scope": "read"},
+    request_token_params={'state': lambda: security.gen_salt(10), "scope": "openid profile email"},
     consumer_secret=SECRET)
 
 @sso.tokengetter
@@ -36,6 +37,14 @@ def get_sso_token(token=None):
 def login():
     return sso.authorize(url_for('callback', _external=True))
 
+@app.route('/userinfo')
+def get_userinfo():
+    if "id_token" in session:
+        #return jsonify(sso.request(USERINFO_URL, token=session["id_token"]))
+        resp = sso.request(USERINFO_URL)
+        return jsonify(resp.data)
+    abort(403)
+
 @app.route('/logout')
 def logout():
     del session['sso_token']
@@ -49,6 +58,8 @@ def callback():
             return jsonify(request.args)
         abort(403)
     session['sso_token'] = (resp['access_token'],None)
+    if "id_token" in resp:
+        session['id_token'] = resp['id_token']
     return jsonify(resp)
 
 if __name__ == "__main__":
diff --git a/test/login_logout/test/behave/features/environment.py b/test/login_logout/test/behave/features/environment.py
index f60dbc8160b874a3d65a37de028fd55a76b8400e..ab1ab0d781fef6cf572f4f8a26db2aa9bed66984 100644
--- a/test/login_logout/test/behave/features/environment.py
+++ b/test/login_logout/test/behave/features/environment.py
@@ -39,6 +39,7 @@ def before_tag(context, tag):
     userdata = context.config.userdata
     values['url'] = userdata.get('url')
     values['logout_url'] = userdata.get('logout_url')
+    values['userinfo_url'] = userdata.get('userinfo_url')
     values['username'] = userdata.get('username')
     values['username2'] = userdata.get('username2')
     values['password'] = userdata.get('password')
diff --git a/test/login_logout/test/behave/features/login.feature b/test/login_logout/test/behave/features/login.feature
index f7a9cc0144e9272a0031b33252740e8b75732238..ec313957dc129dffb429733bcefec69a8d8e9c3d 100644
--- a/test/login_logout/test/behave/features/login.feature
+++ b/test/login_logout/test/behave/features/login.feature
@@ -20,6 +20,11 @@ Scenario: Login with a valid user with access to application
     And I expect that the path is "/callback"
     And I expect that element "body" contains the text "access_token"
 
+Scenario: Get OpenID Connect userdata for testuser
+    Given I open the userinfo URL
+    Then I expect that element "body" contains the text "email"
+    And I expect that element "body" contains the value of var "username"
+
 Scenario: Logout
     Given I open the logout URL
     Then I wait on element "input#username" for 1000ms to be visible
diff --git a/test/login_logout/test/behave/features/steps/login.py b/test/login_logout/test/behave/features/steps/login.py
index ba1a9dfb52d3f512561b39633732b8ecd53bee82..1374b67321296fda19fb50bff84353a132304f86 100644
--- a/test/login_logout/test/behave/features/steps/login.py
+++ b/test/login_logout/test/behave/features/steps/login.py
@@ -22,6 +22,11 @@ def step_impl(context):
     """Logout by visitng the logout url"""
     context.behave_driver.get(context.oauth['logout_url'])
 
+@when(u'I open the userinfo URL')
+@given(u'I open the userinfo URL')
+def step_impl(context):
+    """Logout by visitng the logout url"""
+    context.behave_driver.get(context.oauth['userinfo_url'])
 
 @when(u'I enter the "{attribute}" in the inputfield "{element}"')
 def step_impl(context, attribute,  element):
@@ -31,4 +36,10 @@ def step_impl(context, attribute,  element):
     value = context.oauth[attribute]
     elem.send_keys(value)
 
+@then(u'I expect that element "{element}" contains the value of var "{variable}"')
+def step_impf(context, element, variable):
+    """Check if value is in field"""
+    elem = context.behave_driver.get_element(element)
+    value = context.oauth[variable]
+    assert value in elem.text