The UserInfo Endpoint
Learn how the OpenID Connect UserInfo endpoint lets clients fetch additional verified claims about the authenticated user using an access token.
Beyond the ID Token
The ID token proves who the user is, but to keep it small it may carry only a few claims. The UserInfo endpoint is an OAuth2-protected resource that returns additional claims about the currently authenticated user.
It Is a Protected Resource
UserInfo is not part of the token endpoint — it is a normal protected API. You call it with the access token obtained during the OIDC flow, presented as a Bearer token.
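The call described above, as an added Python example that is not part of the original lesson: it sends the access token as a Bearer credential and only accepts the response if it can be tied to the ID token from the same login. The function names and the `id_token_sub` parameter are hypothetical. The HTTPS requirement and the `sub` comparison come from OpenID Connect Core rather than from this page.

```python
import json
import urllib.error
import urllib.request


class UserInfoError(Exception):
    """The UserInfo response must not be used."""


def build_userinfo_request(endpoint, access_token):
    # A bearer token is a credential: only send it over TLS.
    if not endpoint.lower().startswith("https://"):
        raise UserInfoError("UserInfo endpoint must use https")
    headers = {"Authorization": f"Bearer {access_token}",
               "Accept": "application/json"}
    return urllib.request.Request(endpoint, headers=headers, method="GET")


def parse_userinfo(status, headers, body, id_token_sub):
    if status == 401:
        # Expired or invalid token; the reason is in WWW-Authenticate.
        detail = headers.get("WWW-Authenticate", "no detail")
        raise UserInfoError(f"access token rejected: {detail}")
    if status != 200:
        raise UserInfoError(f"unexpected status {status}")
    ctype = headers.get("Content-Type", "").lower()
    if not ctype.startswith("application/json"):
        # application/jwt (signed/encrypted) responses need JWT validation,
        # which this example does not implement.
        raise UserInfoError(f"unsupported content type {ctype!r}")
    claims = json.loads(body)
    # Guard against token substitution: UserInfo must describe the same
    # subject as the ID token that was validated for this login.
    if (not id_token_sub or not isinstance(claims, dict)
            or claims.get("sub") != id_token_sub):
        raise UserInfoError("sub does not match the ID token")
    return claims


def fetch_userinfo(endpoint, access_token, id_token_sub,
                   opener=urllib.request.urlopen):
    req = build_userinfo_request(endpoint, access_token)
    try:
        with opener(req, timeout=10) as resp:
            return parse_userinfo(resp.status, resp.headers,
                                  resp.read(), id_token_sub)
    except urllib.error.HTTPError as err:
        return parse_userinfo(err.code, err.headers, err.read(), id_token_sub)
```

Pass the `sub` from the already validated ID token as `id_token_sub`; claims from a response that fails any check are discarded rather than merged into the session.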