Hi, I am trying to get userinfo using the call “https://dev-{oktaID}.oktapreview.com/oauth2/default/v1/userinfo” and I am sending the access_token in this call.
But I am getting only “sub” property in this as:
{
  "sub": "00uhzsq8pw5e6bWGe0h7"
}
But I want more claims like name and email. Please suggest how I can get more claims from the /userinfo endpoint.
Have you tried hitting the same endpoint with an id_token token instead?
Have you tried going directly to the users api and retrieving it using an apiToken token?
Also, does it work OK if you remove the default and use an id_token?
Here is the answer that worked for me. In order to add new claims to appear on your Okta org’s /userinfo endpoint, please go in your Admin dashboard to API >> Authorization Servers >> default >> Claims tab. From here, please select “Add Claim” and, in the section “Include in token type”, select “ID Token” and “Userinfo / id_token request” instead of “Always”.
Userinfo is a separate REST endpoint specified in your OpenID metadata via: https://[tenant].oktapreview.com/oauth2/default/.well-known/openid-configuration
i.e. https://[tenant].oktapreview.com/oauth2/default/v1/userinfo
You will need to pass scope as scope=openid+email+profile in the URL. Yes, with the plus signs in the URL. I am posting it here as this information was not easy to find.
You might want to check out the guide we have about creating custom claims for the complete steps: Create Claims | Okta Developer
The key point in @prashant162’s post is that you will want to choose “Userinfo / id_token request” when you create this ID Token claim so that it is returned when you make a call to the /userinfo endpoint.
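The steps from this thread as an added example, not code from any poster or from Okta: it builds the authorization request with scope=openid+email+profile and checks, before calling /userinfo, whether an access token was actually granted those scopes. The tenant name, client ID, redirect URI and sample token are constructed placeholders, and reading scopes from an `scp` claim assumes a JWT access token issued by an Okta custom authorization server.

```python
import base64
import json
import urllib.request
from urllib.parse import urlencode

ISSUER = "https://dev-000000.oktapreview.com/oauth2/default"  # placeholder tenant

def authorize_url(client_id, redirect_uri, state, scopes=("openid", "email", "profile")):
    """Build the authorization request. OAuth scopes are space-separated;
    urlencode() form-encodes each space as '+', giving scope=openid+email+profile."""
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "scope": " ".join(scopes),
        "redirect_uri": redirect_uri,
        "state": state,
    })
    # Normally read this endpoint from .well-known/openid-configuration.
    return f"{ISSUER}/v1/authorize?{query}"

def granted_scopes(access_token):
    """Read the 'scp' claim (assumed claim name) from a JWT access token WITHOUT
    verifying the signature. Diagnostic only; never use for authorization."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    scp = claims.get("scp", [])
    return set(scp.split() if isinstance(scp, str) else scp)

def missing_scopes(access_token, wanted=("openid", "email", "profile")):
    """Scopes the caller wants claims for but the token was not granted."""
    return sorted(set(wanted) - granted_scopes(access_token))

def userinfo(access_token):
    """Call /userinfo with the access token as a Bearer credential (network call)."""
    req = urllib.request.Request(f"{ISSUER}/v1/userinfo",
                                 headers={"Authorization": f"Bearer {access_token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def constructed_token(scp):
    """Unsigned sample token built here for the demo; not a real Okta token."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'sub': 'constructed-user', 'scp': scp})}.sig"

if __name__ == "__main__":
    print(authorize_url("constructed-client-id", "http://localhost:8080/callback", "xyz"))
    print(missing_scopes(constructed_token(["openid"])))
```

A token reported as missing `email` or `profile` has to be requested again with those scopes; changing the claim configuration alone does not alter a token that was already issued.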