# UserInfo

Return claims about the authenticated end-user by sending a Bearer access token in the Authorization header. The token must be issued with the openid scope. For more information, see the OIDC UserInfo spec. The set of claims returned is determined by the granted scopes and the claims.userinfo request parameter from the original authorization request.

Endpoint: GET /oidc/me

## Header parameters:

  - `Authorization` (string, required)
    Bearer access token, e.g. Authorization: Bearer .

## Response 200 fields (application/json):

  - `sub` (string, required)
    Subject identifier — stable identifier for the end-user.
    Example: "string"

  - `tid` (string)
    Tenant identifier.
    Example: "string"

  - `email` (string)
    Primary email address.
    Example: "string"

  - `groups` (array)
    Groups the user belongs to.
    Example: []

  - `new_user` (boolean)
    Whether this user was just created during the originating authentication flow.
    Example: true

  - `webauthn` (object)
    WebAuthn-related claims for the user.
    Example: {}

## Response 500 fields (application/json):

  - `message` (string, required)
    Example: "Something went wrong - Internal server error"

  - `error_code` (number, required)
    Example: 500


## Response 401 fields
