Thanks for pointing this out @bschreiber - yes you can fetch the full user object via the Management API too - however, a downside of this is the rate limits on the Management API are more restrictive, so wouldn’t scale well if it were to be called on every login for example.
You could mitigate this by using conditional logic to only make the call for a first time login though.