
Missing profile from userinfo endpoint

Hi

I am using a Single Page Application type of application in Auth0 and all CORS URLs are set up properly.
Upon authorizing using the scope “openid profile”, I am confirming the auth, and receiving a valid JWT which has been signed by auth0 and containing the key “scope” set to “openid profile”. However, when I then contact the /userinfo service using that JWT as Bearer token, I receive only “sub” and “updated_at” fields. I also tried adding the “email” scope and this just adds the “email_verified” boolean without the actual email. I can see all of my user info in the raw JSON tab in the auth0 admin panel, so I know it’s all there. Am I missing something?

Thanks

Phil

@philip.nicholls,

Welcome to the Auth0 Community Forum!

Requesting the profile scope should include more claims according to this doc. It sounds like there is a configuration that may be changing things.

If you go to your applications > settings > advanced settings > OAuth, is the OIDC Conformant toggle on?

Yes, we are OIDC conforming.

Even using all 3 scopes “openid profile email” only provides “sub”, “updated_at” and “email_verified” boolean. It’s like 1 scope is only able to give me 1 claim. Or other claims are being wiped on the way out. Do you know why that could be? Or where any custom configuration might be?

Thanks

@philip.nicholls,

Can you please DM me a HAR file so I can investigate further?
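
As an added example (not part of the thread and not Auth0's code), this Node.js diagnostic compares the scopes granted in an access token with the claims a /userinfo response returned, using the scope-to-claim mapping from OpenID Connect Core 1.0, section 5.4. The token and response are constructed samples mirroring the symptoms reported above; `decodeJwtPayload` and `diffUserinfo` are hypothetical helper names.

```javascript
// Claims each scope requests, per OpenID Connect Core 1.0 section 5.4.
const SCOPE_CLAIMS = {
  profile: ["name", "family_name", "given_name", "middle_name", "nickname",
            "preferred_username", "profile", "picture", "website", "gender",
            "birthdate", "zoneinfo", "locale", "updated_at"],
  email: ["email", "email_verified"],
};

// Decode the payload segment of a compact JWT WITHOUT verifying the signature.
// Diagnostic use only: never base a trust decision on unverified claims.
function decodeJwtPayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("expected 3 dot-separated segments");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// List, per granted scope, the standard claims absent from the response.
// A provider may omit a claim the user record has no value for, so "missing"
// means "not returned", which is the starting point for investigation.
function diffUserinfo(accessToken, userinfo) {
  const granted = String(decodeJwtPayload(accessToken).scope || "");
  const scopes = granted.split(/\s+/).filter(Boolean);
  const missing = {};
  for (const scope of scopes) {
    const expected = SCOPE_CLAIMS[scope];
    if (!expected) continue; // "openid" and custom scopes map to no claim set
    const absent = expected.filter((claim) => !(claim in userinfo));
    if (absent.length > 0) missing[scope] = absent;
  }
  return { scopes, missing };
}

// --- Constructed sample input (not a real token or user) ---
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const sampleToken = [
  b64url({ alg: "RS256", typ: "JWT" }),
  b64url({ sub: "auth0|constructed", scope: "openid profile email" }),
  "constructed-signature",
].join(".");
const sampleUserinfo = {
  sub: "auth0|constructed",
  updated_at: "2020-01-01T00:00:00.000Z",
  email_verified: true,
};

const report = diffUserinfo(sampleToken, sampleUserinfo);
console.log(JSON.stringify(report, null, 2));
```

Access tokens and HAR captures contain live credentials, so run a check like this locally and strip `Authorization` headers and token values from any capture before sharing it.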