CIAM.wiki

UserInfo Endpoint

The UserInfo endpoint is an OpenID Connect protected resource that returns claims about an authenticated user when presented with a valid access token.

Also: userinfo

The UserInfo endpoint is a protected API defined by OpenID Connect. After a client application obtains an access token with the appropriate scopes, it can call this endpoint to retrieve claims about the authenticated user. The response is a JSON object containing identity attributes such as name, email, phone number, address, and any other profile data the authorization server supports.

The endpoint complements the ID token. While the ID token delivers core identity claims at login time, the UserInfo endpoint provides a way to fetch additional or updated attributes later in the session. The access token presented in the request determines which claims the endpoint returns, based on the scopes the user consented to.
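The scope-based filtering described above, as an added example that is not part of the original page or of any particular authorization server. The scope-to-claim mapping follows OpenID Connect Core 1.0, section 5.4; the in-memory token store, the sample profile, and the choice to reject tokens lacking the `openid` scope with a 403 are assumptions of this example.

```python
import time

# Scope-to-claim mapping from OpenID Connect Core 1.0, section 5.4.
SCOPE_CLAIMS = {
    "profile": {"name", "family_name", "given_name", "middle_name", "nickname",
                "preferred_username", "profile", "picture", "website", "gender",
                "birthdate", "zoneinfo", "locale", "updated_at"},
    "email": {"email", "email_verified"},
    "address": {"address"},
    "phone": {"phone_number", "phone_number_verified"},
}

# Constructed sample data (hypothetical): one stored profile, three issued tokens.
PROFILES = {
    "user-248": {"name": "Jane Doe", "email": "jane@example.com",
                 "email_verified": True, "phone_number": "+1 555 0100",
                 "internal_risk_score": 0.7},  # non-standard attribute, never released
}
TOKENS = {
    "tok-email": {"sub": "user-248", "scope": "openid email", "exp": 4102444800},
    "tok-expired": {"sub": "user-248", "scope": "openid profile", "exp": 1},
    "tok-no-openid": {"sub": "user-248", "scope": "email", "exp": 4102444800},
}

def userinfo(authorization_header, now=None):
    """Return (http_status, json_body) for a UserInfo request."""
    now = time.time() if now is None else now
    scheme, _, token = (authorization_header or "").partition(" ")
    record = TOKENS.get(token) if scheme.lower() == "bearer" else None
    if record is None or record["exp"] <= now:
        return 401, {"error": "invalid_token"}        # RFC 6750 error code
    scopes = set(record["scope"].split())
    if "openid" not in scopes:                        # assumption of this example
        return 403, {"error": "insufficient_scope"}   # RFC 6750 error code
    # Release only claims covered by a consented scope; anything else in the
    # stored profile stays server-side.
    allowed = set().union(*(SCOPE_CLAIMS.get(s, set()) for s in scopes))
    profile = PROFILES[record["sub"]]
    claims = {k: v for k, v in profile.items() if k in allowed}
    claims["sub"] = record["sub"]                     # sub is always returned
    return 200, claims
```

On the client side, OpenID Connect Core also requires checking that the returned `sub` matches the `sub` of the ID token before using the claims.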

Responses can be returned as plain JSON or, optionally, as a signed or encrypted JWT for environments that require integrity or confidentiality beyond transport-level encryption.

For CIAM, the UserInfo endpoint gives customer-facing applications a standard, consent-governed way to retrieve profile data without building custom APIs.

Sources

Standards

  • OpenID Connect Core 1.0
