Auth0 Home Blog Docs

Decoding idToken vs. Calling userInfo



Hello, while using auth0.js (angular2+) I was wondering what the advantage of calling webAuth.client.userInfo would be, vs. just decoding the returned idToken in the browser and obtaining the user profile?


The endpoint is a core part of the OpenID Connect (OIDC) specification and as such it needs to be available in order to be compliant with that specification. However, if for your use case it does not bring anything relevant to the table don’t think that you need to use it just because it’s available.

One of the differences, for standard OIDC claims like the email, is that by calling the endpoint you’ll be able to get an updated view of the user information while the ID token contains the information at the time the authentication took place.