I’m trying to explore the auth0 world testing it with Postman.
I’m able to login with a test user and get the token to use. I also installed the example asp.net core service in my server and here the token works.
Now I’m trying to use the method /userinfo but when I send the request here with a valid token I get this messsage
{
"error": "unauthorized",
"error_description": "invalid credentials"
}
This is a very similar question but the question isn’t valid anymore, since the proposed method is disabled (here)
My request is built in this way:
GET https://xxx.eu.auth0.com/userinfo
Authorization: 'Bearer {ACCESS_TOKEN}'
Which is the error I’m doing? It seems to be correct, following the docs
The /userinfo endpoint is only available if you include the openid scope in the original authentication request. From the [documentation] (https://auth0.com/docs/api/authentication#user-profile):
Given the Auth0 access token obtained
during login, this endpoint returns a
user’s profile. This endpoint will
work only if openid was granted as a
scope for the access_token.
So if your authentication request includes "scope": "openid" (it can also include other claims) , you’ll be able to retrieve the user profile using the [GET /userinfo] (https://auth0.com/docs/api/authentication#user-profile) endpoint as:
GET https://{YOUR_AUTH0_DOMAIN}/userinfo
Authorization: ‘Bearer {ACCESS_TOKEN}’
To make sure you’re using a valid access token, you can inspect the token at https://jwt.io/ and check if the payload includes the audience value "aud" for your tenant’s userinfo endpoint "https://{YOUR_AUTH0_DOMAIN}/userinfo".