Menu
Amazon Cognito
Developer Guide

USERINFO Endpoint

The /oauth2/userInfo endpoint returns information about the authenticated user.

GET /oauth2/userInfo

The user pool client makes requests to this endpoint directly and not through a browser.

For more information see UserInfo Endpoint in the OpenID Connect (OIDC) specification.

Request Parameters in Header

Authorization: Bearer <access_token>

Pass the access token using the authorization header field.

Required

Sample Request

GET https://<your-user-pool-domain>/oauth2/userInfo Authorization: Bearer <access_token>

Sample Positive Response

HTTP/1.1 200 OK Content-Type: application/json;charset=UTF-8 { "sub": "248289761001", "name": "Jane Doe", "given_name": "Jane", "family_name": "Doe", "preferred_username": "j.doe", "email": "janedoe@example.com" }

For a list of OIDC claims see Standard Claims.

Sample Negative Responses

Invalid Request

HTTP/1.1 400 Bad Request WWW-Authenticate: error="invalid_request", error_description="Bad OAuth2 request at UserInfo Endpoint"
invalid_request

The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.

Invalid Token

HTTP/1.1 401 Unauthorized WWW-Authenticate: error="invalid_token", error_description="Access token is expired, disabled, or deleted, or the user has globally signed out."
invalid_token

The access token is expired, revoked, malformed, or invalid.