GET /oauth2/userInfo Request Parameters in Header Sample Request Sample Positive Response Sample Negative Responses

USERINFO Endpoint

The /oauth2/userInfo endpoint returns information about the authenticated user.

GET /oauth2/userInfo

The user pool client makes requests to this endpoint directly and not through a browser.

For more information see UserInfo Endpoint in the OpenID Connect (OIDC) specification.

Topics

Request Parameters in Header
Sample Request
Sample Positive Response
Sample Negative Responses

Request Parameters in Header

Authorization: Bearer <access_token>

Pass the access token using the authorization header field.

Required

Sample Request


GET https://<your-user-pool-domain>/oauth2/userInfo
Authorization: Bearer <access_token>

Sample Positive Response


HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
{
   "sub": "248289761001",
   "name": "Jane Doe",
   "given_name": "Jane",
   "family_name": "Doe",
   "preferred_username": "j.doe",
   "email": "janedoe@example.com"
}

For a list of OIDC claims see Standard Claims.

Sample Negative Responses

Invalid Request


HTTP/1.1 400 Bad Request
  WWW-Authenticate: error="invalid_request",
    error_description="Bad OAuth2 request at UserInfo Endpoint"

invalid_request: The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.

Invalid Token


HTTP/1.1 401 Unauthorized
  WWW-Authenticate: error="invalid_token",
    error_description="Access token is expired, disabled, or deleted, or the user has globally signed out."

invalid_token: The access token is expired, revoked, malformed, or invalid.

Warning Javascript is disabled or is unavailable in your browser.

To use the AWS Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

TOKEN Endpoint