Get claims about the authenticated end-user, using an Access Token. Claims that do not exist will be omitted. This endpoint uses your Custom Domain.
The contents of the response depend on the scopes granted to the client:
- All responses will always contain the sub claim.
- If the profile scope is granted, the name, given_name, family_name, profile_picture, and locale claims will be returned.
- If the email scope is granted, the email and email_verified claims will be returned.
- If the phone scope is granted, the phone_number and phone_number_verified claims will be returned.
You can call this endpoint via both GET and POST.
Important: Unlike other Stytch API endpoints, this endpoint is not authenticated with a project_id and project_secret pair. Instead, it is authenticated via the access_token of an active Connected App Client within the current project. You will need to pass the access token as a header with the "bearer" prefix.
This endpoint implements the OpenID Connect Core 1.0 UserInfo Endpoint.