UserInfo endpoint
The /oauth2/userInfo endpoint returns information about the authenticated user.
GET /oauth2/userInfo
The user pool client makes requests to this endpoint directly and not through a browser.
For more information, see UserInfo Endpoint.
Request parameters in header
- Authorization: Bearer <access_token>
  Pass the access token using the authorization header field.
  Required.
Sample request
GET https://<your-user-pool-domain>/oauth2/userInfo
Authorization: Bearer <access_token>
Sample positive response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8

{
  "sub": "248289761001",
  "name": "Jane Doe",
  "given_name": "Jane",
  "family_name": "Doe",
  "preferred_username": "j.doe",
  "email": "janedoe@example.com"
}
For a list of OIDC claims, see Standard Claims
Sample negative responses
Invalid request
HTTP/1.1 400 Bad Request
WWW-Authenticate: error="invalid_request",
error_description="Bad OAuth2 request at UserInfo Endpoint"
- invalid_request
  The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.
Invalid token
HTTP/1.1 401 Unauthorized
WWW-Authenticate: error="invalid_token",
error_description="Access token is expired, disabled, or deleted, or the user has globally signed out."
- invalid_token
  The access token is expired, revoked, malformed, or invalid.
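
The request and the negative responses above, handled from a client, as an added example that is not part of the original documentation. The function names, the UserInfoError class and the sample values are assumptions constructed for illustration; the token syntax check follows the Bearer token grammar in RFC 6750.

```python
import json
import re
import urllib.request

TOKEN68 = re.compile(r"[A-Za-z0-9\-._~+/]+=*")  # Bearer token syntax, RFC 6750

class UserInfoError(Exception):
    def __init__(self, status, code, description):
        super().__init__(f"{status} {code}: {description}")
        self.status, self.code, self.description = status, code, description
        # invalid_token: retrying with the same token cannot succeed.
        self.needs_new_token = status == 401 and code == "invalid_token"

def build_userinfo_request(domain, access_token):
    """Build GET /oauth2/userInfo with the token in the Authorization header."""
    if not TOKEN68.fullmatch(access_token):
        # Rejects spaces and CR/LF, so the value cannot inject extra headers.
        raise ValueError("access token is not a valid Bearer token")
    return urllib.request.Request(
        f"https://{domain}/oauth2/userInfo",
        headers={"Authorization": f"Bearer {access_token}"},
        method="GET",
    )

def parse_www_authenticate(value):
    """Return the key="value" parameters; quoted values may contain commas."""
    return dict(re.findall(r'(\w+)="([^"]*)"', value))

def handle_userinfo_response(status, headers, body):
    """Return the claims on 200, otherwise raise UserInfoError."""
    headers = {k.lower(): v for k, v in headers.items()}
    if status == 200:
        return json.loads(body)
    params = parse_www_authenticate(headers.get("www-authenticate", ""))
    raise UserInfoError(status, params.get("error", "unknown"),
                        params.get("error_description", ""))

# Constructed sample responses, modelled on the samples on this page.
SAMPLE_OK = (200, {"Content-Type": "application/json;charset=UTF-8"},
             b'{"sub": "248289761001", "email": "janedoe@example.com"}')
SAMPLE_EXPIRED = (401, {"WWW-Authenticate": 'error="invalid_token", '
                  'error_description="Access token is expired, disabled, or '
                  'deleted, or the user has globally signed out."'}, b"")
```

The error_description in the 401 sample contains commas, so the header is parsed by quoted key="value" pairs rather than split on commas.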