Skip to content

GET /api/oauth/userinfo

Read standard OIDC user claims for the authenticated user.

Endpoint

text
GET /api/oauth/userinfo

Authentication

Requires a valid bearer access token that includes the openid scope.

text
Authorization: Bearer <access-token>

The Bearer scheme is matched case-insensitively per RFC 6750.

Response Shape

The response always contains:

FieldTypeDescription
substringStable e-Próspera user ID.

Additional fields depend on scopes:

When profile is granted

FieldType
namestring | null
given_namestring | null
family_namestring | null
picturestring | null

When email is granted

FieldType
emailstring | null
email_verifiedboolean

email_verified reflects the user's verification status in Auth0. It is true only when Auth0 reports the email as verified.

Example Response

json
{
  "sub": "0b8f7c17-5f43-4f8a-9a43-0e1f2a3b4c5d",
  "name": "Maria Rodriguez",
  "given_name": "Maria",
  "family_name": "Rodriguez",
  "picture": "https://...",
  "email": "maria@example.com",
  "email_verified": true
}

Error Responses

401 Unauthorized

json
{
  "error": "missing_token"
}
json
{
  "error": "invalid_token"
}

403 Forbidden

Returned when the access token is valid but does not include the openid scope.

json
{
  "error": "insufficient_scope"
}

404 Not Found

json
{
  "error": "user_not_found"
}

Notes

  • userinfo returns standard OIDC claims only.
  • Use the public /api/v1/me/* endpoints for Próspera-specific data such as residency, identity-verification images, and legal-entity records.