> ## Documentation Index
> Fetch the complete documentation index at: https://docs-dev-actions-triggers-prototype.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Token Info

> Deprecated endpoint that validates a JWT and returns the associated user profile; use /userinfo instead.

export const ResponseSchema = ({statusCode, type = "{}", children}) => {
  const [open, setOpen] = useState(false);
  return <div className="border border-gray-100 dark:border-gray-800 rounded-lg mb-3 overflow-hidden">
      <div className={`flex items-center gap-2.5 px-4 py-2.5 cursor-pointer select-none ${open ? "bg-gray-50 dark:bg-gray-800" : ""}`} onClick={() => setOpen(!open)}>
        {statusCode && <span className="border border-gray-300 dark:border-gray-600 text-gray-700 dark:text-gray-300 font-mono text-xs px-1.5 py-0.5 rounded">
            {statusCode.startsWith("default") ? "default" : statusCode}
          </span>}
        <span className="text-gray-500 dark:text-gray-400 text-sm font-mono">
          {type}
        </span>
        <span className="text-gray-400 dark:text-gray-500 text-sm italic">
          application/json
        </span>
        <svg className={`ml-auto opacity-50 transition-transform duration-200 ${open ? "rotate-180" : ""}`} width="16" height="16" viewBox="0 0 16 16" fill="none">
          <path d="M4 6l4 4 4-4" stroke="currentColor" strokeWidth="1.5" strokeLinecap="round" strokeLinejoin="round" />
        </svg>
      </div>
      {open && <div className="px-4 pt-1 pb-3 border-t border-gray-100 dark:border-gray-800">
          {children}
        </div>}
    </div>;
};

## Endpoint

`POST /tokeninfo`

<Note>
  This endpoint is part of the legacy authentication pipeline and will be disabled for those who use our latest, OIDC conformant, pipeline. We encourage using the [/userinfo endpoint](#get-user-info) instead. For more information on the latest authentication pipeline refer to [Introducing OIDC Conformant Authentication](/api-auth/intro).
</Note>

This endpoint validates a JSON Web Token (JWT) (signature and expiration) and returns the user information associated with the user id `sub` property of the token.

### Remarks

* This endpoint will return three HTTP Response Headers, that provide relevant data on its rate limits:
  * `X-RateLimit-Limit`: Number of requests allowed per minute.
  * `X-RateLimit-Remaining`: Number of requests available. Each new request reduces this number by 1. For each minute that passes, requests are added back, so this number increases by 1 each time.
  * `X-RateLimit-Reset`: Remaining time until the rate limit (`X-RateLimit-Limit`) resets. The value is in [UTC epoch seconds](https://en.wikipedia.org/wiki/Unix_time).

### Learn More

* [User Profile Struture](https://auth0.com/docs/manage-users/user-accounts/user-profiles/user-profile-structure)
* [Auth0 API Rate Limit Policy](https://auth0.com/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy)

## Response Schema

<ResponseSchema>
  <ResponseField name="email_verified" type="boolean">
    Indicates whether the user's email address has been verified.
  </ResponseField>

  <ResponseField name="email" type="string">
    The user's email address.
  </ResponseField>

  <ResponseField name="clientID" type="string">
    The client ID associated with the token.
  </ResponseField>

  <ResponseField name="updated_at" type="string">
    Time the user's information was last updated.
  </ResponseField>

  <ResponseField name="name" type="string">
    The user's full name.
  </ResponseField>

  <ResponseField name="picture" type="string">
    URL of the user's profile picture.
  </ResponseField>

  <ResponseField name="user_id" type="string">
    The user's unique identifier.
  </ResponseField>

  <ResponseField name="nickname" type="string">
    The user's nickname.
  </ResponseField>

  <ResponseField name="provider" type="string">
    The identity provider for the user.
  </ResponseField>

  <ResponseField name="connection" type="string">
    The connection used to authenticate the user.
  </ResponseField>

  <ResponseField name="isSocial" type="boolean">
    Whether the user authenticated via a social provider.
  </ResponseField>

  <ResponseField name="created_at" type="string">
    Time the user was created.
  </ResponseField>

  <ResponseField name="global_client_id" type="string">
    The global client ID.
  </ResponseField>
</ResponseSchema>

## Response Messages

| Status | Description                               |
| ------ | ----------------------------------------- |
| 200    | Successful response with user information |