curl --request GET \
  --url https://${projectDomain}/v1/oauth2/userinfo \
  -H 'Authorization: bearer ${exampleConnectedAppAuthCode}'
{
  "email": "sandbox@stytch.com",
  "email_verified": true,
  "name": "Jane Doe",
  "given_name": "Jane",
  "family_name": "Doe",
  "middle_name": "",
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "status_code": 200,
  "sub": "member-test-32fc5024-9c09-4da3-bd2e-c9ce4da9375f"
}
GET https://${projectdomain}/v1/oauth2/userinfo
Get claims about the authenticated end-user, using an Access Token. Claims that do not exist will be omitted. This endpoint uses your Custom Domain. The contents of the response depend on the scopes granted to the client:
  • All responses will always contain the sub claim.
  • If the profile scope is granted, the name, given_name, family_name, profile_picture, and locale claims will be returned.
  • If the email scope is granted, the email and email_verified claims will be returned.
  • If the phone scope is granted, the phone_number and phone_number_verified claims will be returned.
You can call this endpoint via both GET and POST. This endpoint implements the OpenID Connect Core 1.0 UserInfo Endpoint.
We recommend using the Custom Domain whenever possible. For backwards compatibility reasons, this endpoint is also available at https://test.stytch.com/v1/public/${projectId}/oauth2/userinfo.

Response

sub
string
The subject of the token. This is a unique identifier for the user.
phone_number
string
The end-user’s phone number. This claim is only returned when the client is granted the phone scope.
phone_number_verified
boolean
Indicates whether the end-user’s phone number has been verified. This claim is only returned when the client is granted the phone scope.
email
string
The end-user’s email address. This claim is only returned when the client is granted the email scope.
email_verified
boolean
Indicates whether the end-user’s email address has been verified. This claim is only returned when the client is granted the email scope.
name
string
The full name of the end-user. This claim is only returned when the client is granted the profile scope.
given_name
string
The given (first) name of the end-user. This claim is only returned when the client is granted the profile scope.
middle_name
string
The middle name of the end-user. This claim is only returned when the client is granted the profile scope.
family_name
string
The family (last) name of the end-user. This claim is only returned when the client is granted the profile scope.
picture
string
The URL of the end-user’s profile picture. This claim is only returned when the client is granted the profile scope.
locale
string
The end-user’s locale, typically in the form of a language tag (e.g., “en-US”). This claim is only returned when the client is granted the profile scope.
request_id
string
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
status_code
number
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
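A client-side check on the UserInfo response described above, as an added example that is not Stytch's code: it enforces the OpenID Connect Core 1.0 rule that the returned sub must match the sub of the ID Token, keeps only the claims covered by the granted scopes, and tolerates omitted claims. The names validate_userinfo and SCOPE_CLAIMS are hypothetical, and dropping unverified email and phone values is a policy choice of this example.

```python
# Added example, not Stytch SDK code. validate_userinfo and SCOPE_CLAIMS are hypothetical names.
SCOPE_CLAIMS = {
    # Claim names taken from the Response field list on this page.
    "profile": {"name", "given_name", "middle_name", "family_name", "picture", "locale"},
    "email": {"email", "email_verified"},
    "phone": {"phone_number", "phone_number_verified"},
}


def validate_userinfo(body, expected_sub, granted_scopes):
    """Return only the claims a client should act on, or raise ValueError."""
    if body.get("status_code") != 200:
        raise ValueError("userinfo call failed, request_id=%s" % body.get("request_id"))
    # OpenID Connect Core 1.0, section 5.3.2: sub must match the ID Token's sub exactly.
    sub = body.get("sub")
    if not isinstance(sub, str) or sub != expected_sub:
        raise ValueError("sub mismatch, discarding userinfo response")
    allowed = {"sub"}
    for scope in granted_scopes:
        allowed |= SCOPE_CLAIMS.get(scope, set())
    # Absent claims are simply missing (the endpoint omits them), so never index blindly.
    claims = {k: v for k, v in body.items() if k in allowed}
    # Keep contact identifiers only when the matching *_verified flag is the boolean True.
    for value_key, flag_key in (("email", "email_verified"),
                                ("phone_number", "phone_number_verified")):
        if claims.get(flag_key) is not True:
            claims.pop(value_key, None)
            claims.pop(flag_key, None)
    return claims


# Constructed sample input, modelled on the example response shown on this page.
SAMPLE = {
    "email": "sandbox@stytch.com",
    "email_verified": True,
    "name": "Jane Doe",
    "given_name": "Jane",
    "family_name": "Doe",
    "middle_name": "",
    "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
    "status_code": 200,
    "sub": "member-test-32fc5024-9c09-4da3-bd2e-c9ce4da9375f",
}

if __name__ == "__main__":
    print(validate_userinfo(SAMPLE, SAMPLE["sub"], {"profile", "email"}))
```

Pass as expected_sub the sub from the ID Token you validated for the same session, not a value taken from the UserInfo response itself.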