Troubleshooting Issues with the /userinfo Endpoint

Overview

The /userinfo endpoint is used to gather information about the user associated with an issued access token. This article provides guidance for identifying and resolving common authorization errors and unexpected responses when calling this endpoint.

Applies To
  • Auth0 Authentication API
  • Access Tokens

Cause

401 Unauthorized Error: A 401 from this endpoint typically means the request did not include an "Authorization" header carrying a valid access token. The endpoint relies on an access token issued to an end user to identify that user; specifically, it uses the "sub" claim of the access token to look up the user ID.

Empty JSON Object (200 Success): The request succeeds with a 200 response but returns only an empty JSON object. This happens when the "openid" scope was not included in the scope parameter of the initial /authorize request. "openid" can be followed by the "email" and "profile" scopes to have more information about the user returned from the /userinfo endpoint.

Solution

Ensure the HTTP request to the /userinfo endpoint includes an Authorization header carrying a user-issued access token that was requested with the openid scope (optionally profile and email as well). For more information on the /userinfo endpoint, refer to the Get User Info documentation.

Here is an example of including the correct scopes in the /authorize request:

https://{{auth0_domain}}/authorize?client_id={{auth0_client_id}}&response_type=code&code_challenge={{auth0_code_challenge_do_not_edit}}&code_challenge_method=S256&redirect_uri={{redirect_uri}}&scope=openid email profile&nonce=123&state=456&prompt=login
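As an added example (not code from the Auth0 article), the following Python builds the /authorize URL above with the scope value properly URL-encoded (the scopes are space-separated, so "openid email profile" becomes openid%20email%20profile on the wire), checks an existing /authorize URL for the missing-"openid" cause, and maps a /userinfo status and body onto the two causes described. The domain, client ID, redirect URI and code_challenge values are constructed placeholders.

```python
"""Added example: scope and Authorization checks for the Auth0 /userinfo flow."""
from urllib.parse import urlencode, urlsplit, parse_qs, quote

# Scopes the article names: openid is required, profile and email are optional.
USERINFO_SCOPES = ("openid", "profile", "email")


def build_authorize_url(domain, client_id, redirect_uri, code_challenge,
                        scopes=("openid", "email", "profile"),
                        state="456", nonce="123"):
    """Build the PKCE /authorize URL from the article with URL-encoded query values."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),   # space-separated, encoded as %20 below
        "nonce": nonce,
        "state": state,
        "prompt": "login",
    }
    return f"https://{domain}/authorize?" + urlencode(params, quote_via=quote)


def check_authorize_scopes(url):
    """Return (has_openid, missing): whether /userinfo will return a user at all,
    and which of the article's scopes the URL does not request."""
    query = parse_qs(urlsplit(url).query)
    scopes = set(query.get("scope", [""])[0].split())
    missing = [s for s in USERINFO_SCOPES if s not in scopes]
    return "openid" in scopes, missing


def diagnose_userinfo_response(status, body, authorization_header=None):
    """Map a /userinfo result onto the two causes listed in the article."""
    if status == 401:
        if not authorization_header or not authorization_header.startswith("Bearer "):
            return "401: 'Authorization: Bearer <access_token>' header missing or malformed"
        return "401: the access token presented was not accepted as a valid user access token"
    if status == 200 and body == {}:
        return "200 but empty object: 'openid' was not in the /authorize scope parameter"
    return "ok"


if __name__ == "__main__":
    # Constructed placeholder values, not a real tenant.
    url = build_authorize_url("tenant.example.auth0.com", "CLIENT_ID_PLACEHOLDER",
                              "https://app.example/callback", "CODE_CHALLENGE_PLACEHOLDER")
    print(url)
    print(check_authorize_scopes(url))
    print(diagnose_userinfo_response(200, {}, "Bearer token"))
```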
