We try to use “user info” instead of legacy “token info”
https://auth0.com/docs/api/authentication?http#user-profile
But it always returns “unauthorized” even though the access token is verified.
We use Lock 10 Widget with the following settings to get scope set to “openid”
auth : {
responseType : "token",
redirect : false,
params : {
scope : "openid"
}
}