IdP Initiated SAML Integration - Empty Response from /userinfo

Problem statement

The article explains an IdP-initiated SAML flow where /userinfo returns an empty response.


Using localhost/unverified domain in the callback URL.


In an IdP-initiated flow, Auth0 servers strip scopes inside a token if the callback URL is an unverified domain. When using an unverified domain for testing, like localhost , as the callback URL, tokens from the /userinfo endpoint return an empty response.


To get a token response with requested scopes, use a verified domain in the callback URL instead of localhost .

Related Resources