Get User Info by access token received

I got an access token using the OAuth2 method in the Okta platform. Now I am trying to get the user details using the API, but it’s not working. I added the access token in the request header too. If I have a scope-related issue, please let me know how to make the request to get the UserInfo.


Authorization: Bearer {{access_token}}

Note: I get the access_token using default authorization server.

Error: error="insufficient_scope", error_description="The access token provided does not contain the required scopes.", resource="/api/v1/users"

Make these changes and try again:

API URL:****
note: Instead of using an email, you can also use their Okta ID or the part of their email before the “

Content-Type: application/json
Authorization: SSWS {{access_token}}
Accept: application/json

If you’re still getting the scope error after making the changes, then I’d recommend either:

  • Adding the scope to the method you’re using to obtain the access token. If you’re obtaining it by making an API call to an endpoint, add this to the end of that URL: “?
  • You can also add the above scope to the default scopes that are granted to API tokens. You can do this by navigating to the Okta admin dashboard > Security > API. Under Authorization Servers, there should be a row named default. Click it, navigate to the Scopes tab, and click Add Scope. For the Name field, put, check the box for Default scope, and leave User consent as Implicit. The other fields can be anything. After finishing, get a new access token and try getting a user’s info again.

Get Users Source
Setting API Access Scopes
List of available scopes

In order to retrieve the userinfo using the Access Token, the /userinfo endpoint for the specific authorization server would have to be used. That specific endpoint is documented below.

If you would like to use the /api/v1/users endpoint instead, this is possible if the token was minted by the Org authorization server. It would just require granting scope within the application settings on Okta and including that scope in the authorization request.

1 Like
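Added example, not part of any post above: a small diagnostic that reads the `iss` and `scp` claims of an access token to tell which authorization server minted it, and therefore whether to call that server's /userinfo endpoint or /api/v1/users. Assumptions: the token is a JWT with an `scp` array, a custom server's issuer has the form `https://<domain>/oauth2/<id>` while the Org server's issuer is the bare domain, and the Users API scope is `okta.users.read` (the thread does not name it); `example.okta.com` and the sample tokens are constructed.

```python
import base64
import json
from urllib.parse import urlparse


def jwt_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def plan_request(token: str, users_scope: str = "okta.users.read") -> dict:
    """Pick the endpoint this token can call, based on its iss and scp claims.

    users_scope is an assumption; pass whatever scope your org grants for /api/v1/users.
    """
    claims = jwt_claims(token)
    iss = claims["iss"].rstrip("/")
    scopes = set(claims.get("scp", []))
    if urlparse(iss).path.startswith("/oauth2/"):
        # Custom authorization server (e.g. "default"): use its own /userinfo.
        kind, userinfo = "custom", iss + "/v1/userinfo"
    else:
        # Org authorization server: the issuer is the bare Okta domain.
        kind, userinfo = "org", iss + "/oauth2/v1/userinfo"
    return {
        "server": kind,
        "userinfo_url": userinfo,
        "userinfo_ok": "openid" in scopes,  # /userinfo is an OIDC endpoint
        "users_api_ok": kind == "org" and users_scope in scopes,
        "headers": {"Authorization": f"Bearer {token}", "Accept": "application/json"},
    }


def make_sample_token(iss: str, scp: list) -> str:
    """Constructed, unsigned sample token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'iss': iss, 'scp': scp})}.sig"


if __name__ == "__main__":
    tok = make_sample_token("https://example.okta.com/oauth2/default", ["openid", "profile"])
    plan = plan_request(tok)
    print(plan["server"], plan["userinfo_url"], "users API usable:", plan["users_api_ok"])
```

The decode step skips signature verification on purpose; it is for inspecting your own token while debugging, not for making authorization decisions.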