getUserProfile() throws error

I’m trying to use SessionClient to get information on the user. However, when I call it, I get this error:

Invalid operation. Please check your configuration. OAuth2 authorization servers does not support /userinfo endpoint

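private fun getOktaUserInfo() {
    with (sessionClient) {
        // Requests the profile from the /userinfo endpoint using the stored access token
        getUserProfile(object: RequestCallback<UserInfo, AuthorizationException> {
            override fun onSuccess(result: UserInfo) {
                Timber.d("User Information Success")
            }

            override fun onError(error: String?, exception: AuthorizationException?) {
                // Log the exception together with the SDK's error string
                Timber.e(exception, "User Information Failure: %s", error)
            }
        })
    }
}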

Hi @reastland

What type of OIDC application are you using? Are you retrieving both an ID token and an access token, as an access token is required to access the /userinfo endpoint?

Hi @dragos
This is an Android application. And yes, I am retrieving an access token.

Hi @reastland

Can you please open a support case with us through an email to in order to further review the logs and narrow down the cause of the error? In the email, please specify your Okta tenant and client ID of the OIDC application in order to narrow down the requests.

I discovered that the information that I needed was embedded in the access and ID tokens once they were base64 decoded.

But I still don’t understand why the call to getUserProfile throws this error. I’m no longer concerned about it, but I guess the question remains unanswered.

Hello, this looks like it’s still an issue on Android. I’ve just been testing out some working code used in an iOS application in Android, and that same code fails when getting the profile.

Which SDK/library are you using for your Android application? What is the issuer/discoveryUri you have configured?

It’s possible that this error is being encountered due to the discovery URI the application is using to get information about the authorization server’s endpoints. As the /userinfo endpoint is only specified in OpenID Connect, the /.well-known/oauth-authorization-server discovery URI will not contain information about this endpoint, but the /.well-known/openid-configuration discovery URI will. The reference docs I linked to will tell you what properties are associated with each.


Of course, after I made this post, I found this:

The workaround that someone found was to explicitly point to the openid-configuration discovery URI for Android, so it does still sound like the cause is related to what I described.
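
The discovery-URI explanation above can be checked from a workstation before changing the app. The following is an added example, not code from the thread or from the Okta SDK: it inspects a discovery document for `userinfo_endpoint` and, going slightly beyond the thread, also verifies that the document's `issuer` matches the URI it was fetched from. The issuer `https://id.example.test/oauth2/default` and the sample metadata are constructed placeholders.

```python
import json

OIDC_DOC = "openid-configuration"          # OpenID Connect Discovery
OAUTH_DOC = "oauth-authorization-server"   # OAuth 2.0 metadata (RFC 8414)

def check_discovery(discovery_uri, raw_json):
    """Return reasons this discovery document cannot back a /userinfo call."""
    problems = []
    prefix, marker, rest = discovery_uri.partition("/.well-known/")
    doc_name, _, suffix = rest.partition("/")
    if not marker or doc_name not in (OIDC_DOC, OAUTH_DOC):
        return ["not a well-known discovery URI"]
    if doc_name == OAUTH_DOC:
        problems.append("OAuth 2.0 metadata document; use " + OIDC_DOC)
    meta = json.loads(raw_json)
    # The issuer in the document must match the one the URI was built from,
    # whether the well-known segment was appended or inserted before the path.
    expected_issuer = prefix + ("/" + suffix if suffix else "")
    if meta.get("issuer") != expected_issuer:
        problems.append("issuer mismatch: " + repr(meta.get("issuer")))
    endpoint = meta.get("userinfo_endpoint")
    if not endpoint:
        problems.append("no userinfo_endpoint advertised")
    elif not endpoint.startswith("https://"):
        problems.append("userinfo_endpoint is not HTTPS")
    return problems

# Constructed sample metadata for a hypothetical issuer (not from the thread).
ISSUER = "https://id.example.test/oauth2/default"
COMMON = {
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/v1/authorize",
    "token_endpoint": ISSUER + "/v1/token",
    "jwks_uri": ISSUER + "/v1/keys",
}
SAMPLES = {
    ISSUER + "/.well-known/" + OAUTH_DOC: json.dumps(COMMON),
    ISSUER + "/.well-known/" + OIDC_DOC: json.dumps(
        dict(COMMON, userinfo_endpoint=ISSUER + "/v1/userinfo")),
}

def run_samples():
    """Check both constructed documents; an empty list means usable."""
    return {uri: check_discovery(uri, raw) for uri, raw in SAMPLES.items()}

if __name__ == "__main__":
    for uri, problems in run_samples().items():
        print(uri, "->", problems or "ok")
```

To check a real tenant, save the JSON returned by the configured discovery URI and pass the URI and that JSON text to `check_discovery`.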