> Markdown version of https://authpi.com/docs/reference/idp-api/user-info/ — fetch the complete AuthPI docs index at https://authpi.com/llms.txt to discover all available pages.

# User Info — AuthPI Identity Provider API

OpenID Connect UserInfo endpoint for retrieving claims about the authenticated user. Requires a valid access token with appropriate scopes.

## GET /{issuer_id}/userinfo

**UserInfo Endpoint**

Returns claims about the authenticated user (OpenID Connect Core 1.0 Section 5.3).

This endpoint provides user profile information based on the scopes granted during authorization. Include a valid access token in the Authorization header.

## Available Claims

The claims returned depend on the scopes that were granted:

| Scope | Claims |
|-------|--------|
| `openid` | `sub` (always included) |
| `profile` | `name`, `given_name`, `family_name`, `picture`, `locale` |
| `email` | `email`, `email_verified` |
| `phone` | `phone_number`, `phone_number_verified` |
| `address` | `address` (structured address object) |

## Organization Memberships (AuthPI Extension)

The response includes an `organizations` array containing the user's organization memberships with their scopes. This is useful for client-side authorization decisions.

## Custom Claims

If the user has custom claims configured, they are included in the response alongside standard OIDC claims.

## Authorization

This endpoint requires a valid access token with at least the `openid` scope.

**Specification**: [OpenID Connect Core 1.0 Section 5.3](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo)

### Path parameters

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| `issuer_id` | string | Required | The unique identifier for the issuer/tenant |

### Responses

| Code | Description | Schema |
| --- | --- | --- |
| 200 | **User Information** - Claims about the authenticated user. | `UserInfoResponse` |
| 400 | **Bad Request** - The request is malformed or missing required parameters. | `OAuthError` |
| 401 | **Unauthorized** - Authentication is required or has failed. | `OAuthError` |
| 403 | **Forbidden** - The authenticated client or user lacks permission for this operation. | `OAuthError` |
| 404 | **Not Found** - The requested resource does not exist. | `OAuthError` |
| 422 | **Unprocessable Entity** - The request syntax is correct but the data cannot be processed. | `OAuthError` |
| 429 | **Too Many Requests** - Rate limit exceeded. | `OAuthError` |
| 500 | **Internal Server Error** - An unexpected error occurred. | `OAuthError` |
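A relying-party side example, added here and not part of the AuthPI docs or any AuthPI SDK: it builds the request described above, then applies the checks a client should run on a 200 body before trusting it (the OIDC `sub` match against the ID Token, `email_verified`, the scope-to-claims table) and reads the `organizations` extension. The membership object shape (`id`, `scopes`) and the `department` custom claim are assumptions.

```python
import json

# Constructed sample UserInfo body for scopes "openid profile email" plus the
# AuthPI organizations extension; the membership object shape is assumed.
SAMPLE_USERINFO = json.dumps({
    "sub": "user-123",
    "name": "Ada Example", "given_name": "Ada", "family_name": "Example",
    "email": "ada@example.com", "email_verified": False,
    "department": "research",  # an assumed custom claim, alongside the standard ones
    "organizations": [{"id": "org-1", "scopes": ["read", "write"]}],
})

# Scope -> claims mapping from the Available Claims table above.
SCOPE_CLAIMS = {
    "openid": {"sub"},
    "profile": {"name", "given_name", "family_name", "picture", "locale"},
    "email": {"email", "email_verified"},
    "phone": {"phone_number", "phone_number_verified"},
    "address": {"address"},
}


def build_userinfo_request(issuer_id, access_token):
    """Path and headers for GET /{issuer_id}/userinfo; the token goes in the header, never the URL."""
    headers = {"Authorization": f"Bearer {access_token}", "Accept": "application/json"}
    return f"/{issuer_id}/userinfo", headers


def validate_userinfo(body, expected_sub, granted_scopes):
    """Parse a 200 UserInfo body and apply the relying-party checks before trusting it."""
    claims = json.loads(body)
    # OIDC Core 5.3.2: sub MUST equal the ID Token's sub, otherwise reject the response.
    if claims.get("sub") != expected_sub:
        raise ValueError("UserInfo sub does not match the ID Token sub")
    # Only consume standard claims covered by the scopes that were actually granted.
    allowed = set().union(*(SCOPE_CLAIMS.get(s, set()) for s in granted_scopes))
    standard = {k: v for k, v in claims.items() if k in allowed}
    # Only a verified email is safe to use as an identity key or for account linking.
    trusted_email = claims["email"] if claims.get("email_verified") is True else None
    orgs = {o["id"]: frozenset(o.get("scopes", [])) for o in claims.get("organizations", [])}
    custom = {k: v for k, v in claims.items() if k not in allowed and k != "organizations"}
    return {"sub": claims["sub"], "standard": standard, "trusted_email": trusted_email,
            "organizations": orgs, "custom": custom}


def has_org_scope(userinfo, org_id, scope):
    """Client-side authorization decision from the organizations array."""
    return scope in userinfo["organizations"].get(org_id, frozenset())
```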
