401 Unauthorized /userinfo endpoint

regis.chevillot · July 14, 2025, 9:31am

Hello,

I’m trying to retreive the user info via the userinfo endpoint but i have a 401 response
Currently i have the following setup
On the frontend part i’m using the auth0 spa js library.
The backend side is a node js server with express.

On the frontend i have the following code:

//initialization
const auth0 = await createAuth0Client({
    domain: import.meta.env.VITE_AUTH0_DOMAIN,
    clientId: import.meta.env.VITE_AUTH0_CLIENT_ID,
    authorizationParams: {
        redirect_uri: import.meta.env.VITE_AUTH0_CALLBACK_URL,
        scope: 'openid profile email',
    }
});

then on a button click i call this:
auth0.loginWithRedirect();

After the redirect when landing on my callback page i do that:

await auth0.handleRedirectCallback();
const token = await auth0.getTokenSilently();

Then i send the access token into the headers to my server API like that:

axios({
  url,
  method,
  data: data.params,
  headers: {
    Authorization: `Bearer ${token}`
  }
});

On the backend i have a middleware function that retrieve the token + send it to the userinfo endpoint:

const axios = require('axios');
const authenticateToken = async (req, res, next) => {
  const token = req.headers.authorization.split(' ')[1];

  let config = {
    method: 'get',
    maxBodyLength: Infinity,
    url: `https://${process.env.AUTH0_DOMAIN}/userinfo`,
    headers: { 
      'Accept': 'application/json', 
      'access_token': token
    }
  };
  
  axios.request(config)
  .then((response) => {
    console.log("RESPONSE AUTH TOKEN", JSON.stringify(response.data));
  })
  .catch((error) => {
    console.log("ERROR AUTH TOKEN", error);
  });
}

nik.baleca · July 17, 2025, 5:04pm

Hi @regis.chevillot

Welcome to the Auth0 Community!

I believe the issue may reside in the fact that when you initialize the Auth0 Client, you are not using an audience inside the authorization parameters which result in an invalid/opaque token.

The 401 error response indicates that the token may either be invalid/expired/opaque per our Authentication API documentation.

Let me know if you have any other questions!

Kind Regards,
Nik

regis.chevillot · July 17, 2025, 6:44pm

Hi Nik,
Thanks for answering.
i’m a bit confused with your response. Isn’t the purpose of the endpoint /userinfo to return the user info of a given opaque token?
Indeed i did not mention any audience parameter because i do want to get an opaque token and use the endpoint /userinfo to get the user info

Régis

system · July 31, 2025, 6:44pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Calling /userinfo returns an unauthorized error Get Help userinfo	3	8267	March 2, 2018
Bad audience status 401 when trying to get user informations by token Get Help auth0-spa-js	8	6145	October 19, 2022
The /userinfo endpoint returns 401 (Unauthorized) Get Help lock , api , userinfo , audience	12	24599	January 9, 2023
/userinfo API returns 401 Unauthorized JWT.io auth0 , api	6	2257	May 27, 2023
Not able to access /userinfo from created API Get Help access-token-userinf	5	5917	March 2, 2018

401 Unauthorized /userinfo endpoint

Related topics