---
title: Userinfo (GET)
description: The UserInfo Endpoint is an OAuth 2.0 protected resource that returns claims about the authenticated end user. Note that the /{{envID}}/as/userinfo request takes an access token in the Authorization header to get the claims about the user.
component: pingone-api
page_id: pingone-api:auth:openid-connect-oauth-2/userinfo
canonical_url: https://developer.pingidentity.com/pingone-api/auth/openid-connect-oauth-2/userinfo.html
section_ids:
  userinfo-authorization-requests: Userinfo authorization requests
  grants-and-scopes-with-userinfo: Grants and scopes with userinfo
  headers: Headers
  example-request: Example Request
  example-response: Example Response
---

# Userinfo (GET)


```none
GET {{authPath}}/{{envID}}/as/userinfo
```

The UserInfo Endpoint is an OAuth 2.0 protected resource that returns claims about the authenticated end user. Note that the `/{{envID}}/as/userinfo` request takes an access token in the Authorization header to get the claims about the user.

```bash
curl -X GET \
  'https://auth.pingone.com/{{envID}}/as/userinfo' \
  -H 'Authorization: Bearer token'
```

### Userinfo authorization requests

A `userinfo` authorization request is used with applications associated with the `openid` resource. The value for the `Authorization` header is the Bearer token returned by the following authorization request:

```none
https://auth.pingone.com/{{envID}}/as/authorize?client_id={{appID}}&redirect_uri={{redirect_uri}}&response_type=token&scope=openid profile email address
```

In the authorization request, the `scope` attribute must specify the `openid` value, which includes the `sub` claim (the user ID) in the response data. Additional OpenID Connect scopes such as `profile`, `address`, `phone` and `email` can also be included to add more user claims to the response.

### Grants and scopes with userinfo

The token used with the `/{{envID}}/as/userinfo` endpoint must be generated by an `implicit` or `authorization_code` grant type. PingOne user scopes such as `p1:reset:userPassword` are not applicable to `userinfo` authorization requests and applications associated with the `openid` resource.

Access tokens generated from a `client_credentials` grant type return an `ACCESS_FAILED` message when used with the `/{{envID}}/as/userinfo` endpoint. Tokens from a `client_credentials` grant use administrator permissions granted through role assignments.

### Headers

| Header        | Value                  |
| ------------- | ---------------------- |
| Authorization | Bearer {{accessToken}} |


### Example Request

* cURL
* C#
* Go
* HTTP
* Java
* jQuery
* NodeJS
* Python
* PHP
* Ruby
* Swift

```shell
curl --location --globoff '{{authPath}}/{{envID}}/as/userinfo' \
--header 'Authorization: Bearer {{accessToken}}'
```

```csharp
var options = new RestClientOptions("{{authPath}}/{{envID}}/as/userinfo")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Get);
request.AddHeader("Authorization", "Bearer {{accessToken}}");
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
```

```golang
package main

import (
  "fmt"
  "net/http"
  "io"
)

func main() {

  url := "{{authPath}}/{{envID}}/as/userinfo"
  method := "GET"

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, nil)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Authorization", "Bearer {{accessToken}}")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
```

```http
GET /{{envID}}/as/userinfo HTTP/1.1
Host: {{authPath}}
Authorization: Bearer {{accessToken}}
```

```java
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
// A GET request must not carry a body; OkHttp rejects a non-null body for GET.
Request request = new Request.Builder()
  .url("{{authPath}}/{{envID}}/as/userinfo")
  .get()
  .addHeader("Authorization", "Bearer {{accessToken}}")
  .build();
Response response = client.newCall(request).execute();
```

```javascript
var settings = {
  "url": "{{authPath}}/{{envID}}/as/userinfo",
  "method": "GET",
  "timeout": 0,
  "headers": {
    "Authorization": "Bearer {{accessToken}}"
  },
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
```

```javascript
var request = require('request');
var options = {
  'method': 'GET',
  'url': '{{authPath}}/{{envID}}/as/userinfo',
  'headers': {
    'Authorization': 'Bearer {{accessToken}}'
  }
};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
```

```python
import requests

url = "{{authPath}}/{{envID}}/as/userinfo"

payload = {}
headers = {
  'Authorization': 'Bearer {{accessToken}}'
}

response = requests.request("GET", url, headers=headers, data=payload)

print(response.text)
```

```php
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{authPath}}/{{envID}}/as/userinfo');
$request->setMethod(HTTP_Request2::METHOD_GET);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Authorization' => 'Bearer {{accessToken}}'
));
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
```

```ruby
require "uri"
require "net/http"

url = URI("{{authPath}}/{{envID}}/as/userinfo")

http = Net::HTTP.new(url.host, url.port)
# Enable TLS for https URLs so the bearer token is not sent in cleartext.
http.use_ssl = (url.scheme == "https")
request = Net::HTTP::Get.new(url)
request["Authorization"] = "Bearer {{accessToken}}"

response = http.request(request)
puts response.read_body
```

```swift
var request = URLRequest(url: URL(string: "{{authPath}}/{{envID}}/as/userinfo")!,timeoutInterval: Double.infinity)
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")

request.httpMethod = "GET"

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()
```

### Example Response

200 OK

```json
{
    "family_name": "Doe",
    "address": {
        "country": "US",
        "postal_code": "78750",
        "region": "TX",
        "locality": "Austin",
        "street_address": "123 Happy Street"
    },
    "given_name": "John",
    "email": "jdoe@example.com",
    "preferred_username": "jdoe",
    "updated_at": 1535377850,
    "name": "John Doe",
    "middle_name": "J",
    "sub": "0986b513-ae1f-4312-8d8d-a31eb79133ad"
}
```
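
The following is an added example, not PingOne's own code, showing how a client can build the userinfo request and validate the response before trusting its claims, including the `ACCESS_FAILED` case described under "Grants and scopes with userinfo". The function names, the `UserinfoError` class, the optional `expected_sub` check (which assumes the application also holds an ID token, as required by OpenID Connect Core 5.3.2) and the sample bodies are assumptions introduced here.

```python
import json
from urllib.parse import urlsplit
from urllib.request import Request


class UserinfoError(Exception):
    """Raised when a userinfo response must not be trusted or used."""


def build_userinfo_request(auth_path, env_id, access_token):
    """Build the GET request; refuse to put a bearer token on a non-TLS URL."""
    url = f"{auth_path.rstrip('/')}/{env_id}/as/userinfo"
    if urlsplit(url).scheme != "https":
        raise UserinfoError("bearer tokens must only be sent over https")
    return Request(url, headers={"Authorization": f"Bearer {access_token}"},
                   method="GET")


def parse_userinfo(status, body, expected_sub=None):
    """Turn a raw userinfo response (status, text body) into a claims dict."""
    if status != 200:
        # Substring match only: the error body layout is not shown on the page.
        if "ACCESS_FAILED" in body:
            raise UserinfoError("ACCESS_FAILED: check that the token came from an "
                                "implicit or authorization_code grant, "
                                "not client_credentials")
        raise UserinfoError(f"userinfo request failed with HTTP {status}")
    try:
        claims = json.loads(body)
    except ValueError as exc:
        raise UserinfoError("userinfo response is not valid JSON") from exc
    # The openid scope guarantees a sub claim; treat its absence as a failure.
    if not isinstance(claims, dict) or not isinstance(claims.get("sub"), str):
        raise UserinfoError("userinfo response has no 'sub' claim")
    # OpenID Connect Core 5.3.2: sub must exactly match the ID token's sub.
    if expected_sub is not None and claims["sub"] != expected_sub:
        raise UserinfoError("userinfo 'sub' does not match the ID token 'sub'")
    return claims


# Constructed samples: the 200 body is trimmed from the example response above;
# the error body and its field names are invented for illustration.
SAMPLE_OK = '{"sub": "0986b513-ae1f-4312-8d8d-a31eb79133ad", "email": "jdoe@example.com"}'
SAMPLE_DENIED = '{"code": "ACCESS_FAILED", "message": "constructed sample"}'

if __name__ == "__main__":
    req = build_userinfo_request("https://auth.pingone.com", "ENV_ID_PLACEHOLDER", "TOKEN")
    print(req.get_method(), req.full_url)
    print(parse_userinfo(200, SAMPLE_OK)["email"])
```
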
