/userinfo response: API doc and actual response mismatch

ozooxo · June 23, 2024, 7:31pm

Auth0 API doc says that the updated_at attribute for the /userinfo response should be an epoch integer. This also matches the OIDC standard claims spec. However, when actually use this endpoint, I get a datetime String response:

curl 'https://dev-g753kr1m2q1hdwiu.us.auth0.com/userinfo' \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H 'Content-Type: application/json' | jq .

{
  "sub": "auth0|6650891be60ff157d437339e",
  "nickname": "foobar",
  "name": "foobar@foobar.com",
  "picture": "https://s.gravatar.com/avatar/5d58606054103162a9739bc0ccdc7fc5?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Ffo.png",
  "updated_at": "2024-06-23T19:05:43.257Z",
  "email": "foobar@foobar.com",
  "email_verified": false
}

Topic		Replies	Views
`/userinfo` endpoint in OIDC returns `updated_at` field as a string Help	2	4150	May 29, 2021
OIDC ID Token claim updated_at violates OIDC specification, breaks RP implementations Help	5	7835	September 2, 2019
updated_at claim has wrong type Help claims , openidconnect	1	4405	March 2, 2018
created_at not returned in userInfo Help userinfo , social-connections , authorize	2	5262	March 2, 2018
OIDC-conformant error Help auth0 , oidc-conformant , python	4	2944	February 13, 2021

/userinfo response: API doc and actual response mismatch

Related topics