Appearance
GET /api/oauth/userinfo
Read standard OIDC user claims for the authenticated user.
Endpoint
text
GET /api/oauth/userinfoAuthentication
Requires a valid bearer access token that includes the openid scope.
text
Authorization: Bearer <access-token>The Bearer scheme is matched case-insensitively per RFC 6750.
Response Shape
The response always contains:
| Field | Type | Description |
|---|---|---|
sub | string | Stable e-Próspera user ID. |
Additional fields depend on scopes:
When profile is granted
| Field | Type |
|---|---|
name | string | null |
given_name | string | null |
family_name | string | null |
picture | string | null |
When email is granted
| Field | Type |
|---|---|
email | string | null |
email_verified | boolean |
email_verified reflects the user's verification status in Auth0. It is true only when Auth0 reports the email as verified.
Example Response
json
{
"sub": "0b8f7c17-5f43-4f8a-9a43-0e1f2a3b4c5d",
"name": "Maria Rodriguez",
"given_name": "Maria",
"family_name": "Rodriguez",
"picture": "https://...",
"email": "maria@example.com",
"email_verified": true
}Error Responses
401 Unauthorized
json
{
"error": "missing_token"
}json
{
"error": "invalid_token"
}403 Forbidden
Returned when the access token is valid but does not include the openid scope.
json
{
"error": "insufficient_scope"
}404 Not Found
json
{
"error": "user_not_found"
}Notes
userinforeturns standard OIDC claims only.- Use the public
/api/v1/me/*endpoints for Próspera-specific data such as residency, identity-verification images, and legal-entity records.