Userinfo Endpoint.
The OIDC HTTP endpoint a client calls with an access token to retrieve standardized user profile claims. It is separate from the ID Token and is used to fetch profile data on demand rather than on every request.
The right pattern for claims is minimal at session creation (sub, email and name from the ID Token) and richer on demand from userinfo. Stuffing everything into the ID Token bloats every request that carries it. Cache userinfo responses per session with a short TTL: frequent refetching defeats the point of caching, while a long TTL serves stale profile data.
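The fetch-on-demand-and-cache pattern above, as an added Python example that is not code from the original page: `UserinfoClient`, `http_fetch` and `FakeProvider` are hypothetical names, the token and TTL values are constructed, and the fetch callable is injected so the per-session cache and the OIDC Core 5.3.2 check (the response's sub must match the ID Token's sub) can run offline.

```python
import json
import time
import urllib.request
from typing import Callable, Dict, Tuple


class UserinfoClient:
    """Hypothetical helper: fetch userinfo claims on demand and cache them per session."""

    def __init__(self, fetch: Callable[[str], Dict], ttl_seconds: int = 300,
                 clock: Callable[[], float] = time.monotonic):
        # fetch(access_token) returns the decoded JSON body from the userinfo endpoint;
        # it is injected so the cache and the sub check can be exercised offline.
        self._fetch, self._ttl, self._clock = fetch, ttl_seconds, clock
        self._cache: Dict[str, Tuple[float, Dict]] = {}  # session_id -> (expires_at, claims)

    def get_claims(self, session_id: str, access_token: str, id_token_sub: str) -> Dict:
        now = self._clock()
        hit = self._cache.get(session_id)
        if hit is not None and hit[0] > now:
            return hit[1]  # fresh entry: no round trip to the provider
        claims = self._fetch(access_token)  # userinfo takes the access token, never the ID Token
        # OIDC Core 5.3.2: the response's sub MUST equal the ID Token's sub, otherwise discard it
        if claims.get("sub") != id_token_sub:
            raise ValueError("userinfo 'sub' does not match the ID Token; response discarded")
        self._cache[session_id] = (now + self._ttl, claims)
        return claims


def http_fetch(userinfo_url: str) -> Callable[[str], Dict]:
    """Real transport: GET the endpoint with the access token sent as a Bearer credential."""
    def fetch(access_token: str) -> Dict:
        req = urllib.request.Request(userinfo_url, headers={"Authorization": f"Bearer {access_token}"})
        with urllib.request.urlopen(req, timeout=5) as resp:
            return json.load(resp)
    return fetch


class FakeProvider:
    """Constructed stand-in for a provider's userinfo endpoint that counts round trips."""
    def __init__(self, sub: str):
        self.sub, self.calls = sub, 0

    def fetch(self, access_token: str) -> Dict:
        self.calls += 1
        if access_token != "AT-constructed":  # constructed sample access token value
            raise PermissionError("invalid_token")
        return {"sub": self.sub, "name": "Example User", "email": "user@example.invalid"}
```

In production, pass `http_fetch(provider_userinfo_url)` instead of `FakeProvider(...).fetch`; the cache key is the application session, so two sessions of the same user each fetch once.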
Common questions
When should I call userinfo vs read claims from the ID Token?
Does userinfo require an access token or ID Token?
Can I cache userinfo responses?