When call /userinfo API returns Unauthorized

Dear my friends,Unauthorized returns by auth0 when I use the /userinfo API. I don’t know how to deal with the problem. Have you ever encountered a similar problem? Thanks.

First I get the access_token for the customer using the following API:
curl --request POST
–url ‘https://YOUR_DOMAIN/oauth/token’
–header ‘content-type: application/x-www-form-urlencoded’
–data ‘grant_type=password&username=USERNAME&password=PASSWORD&audience=API_IDENTIFIER&scope=SCOPE&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET’

Next I tried querying a customer’s profile with access_token, but auth0 returned Unauthorized.
curl --request GET
–url ‘https://YOUR_DOMAIN/userinfo’
–header ‘Authorization: Bearer {ACCESS_TOKEN}’
–header ‘Content-Type: application/json’

Hi @bill_huang

The /userinfo endpoint will only work if openid was granted as a scope for the Access Token you are attaching to the request. You can find documentation on this via the following link:

• Authentication API Explorer

Based on the error you are receiving, it is possible this scope is not being set on the Access Token. Could you confirm that you are including this in your scope parameters when requesting the token?

Hi @james.merrigan, Thank you very much.
The information you provided was very helpful to me,For a more detailed auth0 help document, please refer to: Call Your API Using Resource Owner Password Flow Hope to help friends who encounter this problem, thanks again.