> ## Documentation Index > Fetch the complete documentation index at: https://docs.hopae.com/llms.txt > Use this file to discover all available pages before exploring further. # UserInfo > Returns user claims based on granted scopes. Requires a valid Bearer access token. Fetch verified user claims using the access token from `/token`. The ID Token contains no PII. All personal attributes are returned only by `/userinfo`. Unsupported (requested) standard claims are listed in `missing_claims`. Verification context is provided in `provenance`. Evidence is included when the credential source returns it; the object contains a `token` payload and a semicolon‑delimited `names` list describing the keys. Keys vary by provider, so always read them from `names`. Content is relayed from the credential source. ## Headers Bearer access token issued by `/token`. ## Responses Subject identifier. Stable per source identity across all clients. Authentication Context Class Reference. Numeric assurance level. Human‑readable assurance label (e.g., `substantial`). Requested standard claims not provided by the source. Always `[]` for match flows (`verification_model: "match"`). Provider identifier that authenticated the subject. Mirrors the single element in `amr`. Always present. One of `disclosure` (PII under `user`) or `match` (comparison envelope under `match`, with `user: null`). Personal attributes (present per granted scopes and source availability). `null` when `verification_model` is `match`. Display name Given nam Family name Birthdate in `YYYY-MM-DD` Email address Whether the email is verified Phone number in E.164 format Whether the phone number is verified Structured address ISO 3166-1 alpha‑2. Middle name(s) Casual name or handle Preferred username URL of the user's profile page Base64-encoded image data of the user's profile picture Gender value Time zone (IANA) Locale (BCP 47) Unix timestamp of last profile update Verification context for this event. `centralized_idp`, `wallet`, etc. `internet`, `nfc`, etc. Credentials presented for this verification. Provider identifier used when initiating the verification (for example, `smartid`). Issuer identifier. Issuer display name. Government authority flag. Raw source claims, when available. Token evidence object from the source (when provided). Includes `token` (provider-supplied key/value pairs) and `names` (semicolon-delimited list of keys present under `token`). Verification session id. ISO 8601 verification timestamp. Match envelope. Present only when `verification_model` is `match`. Aggregate outcome across all submitted fields. `per_field` or `aggregate`. Determines whether `details` is included. Field keys the RP submitted via `matchData`. Provider-native names — not OIDC-normalised. Per-field outcomes, keyed by field name. Present only when `granularity` is `per_field`. Each entry exposes `matched` (boolean), `submitted_value` (RP-supplied value, userinfo only and only on matchData fields), and optionally `similarity` (0–100) when the upstream verifier provides it. May also carry passthrough verifier keys not in `submitted_fields` when the upstream provider emits them. ## Example ```bash theme={null} curl -X GET 'https://sandbox.connect.hopae.com/userinfo' \ -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIs...' ``` ```json theme={null} { "sub": "otV9EMJr-iG-dj-AHhrCslfdRkUUBQJ1", "hopae_loa": 3, "hopae_loa_label": "substantial", "missing_claims": [ "email", "gender", "picture" ], "user": { "birthdate": "1905-04-04", "given_name": "OK", "family_name": "TESTNUMBER", "nationality": "LT", "name": "OK TESTNUMBER" }, "provenance": { "presentation": { "channel": { "type": "centralized_idp", "transport": "internet" }, "credentials": [ { "type": "smartid", "issuer": { "id": "urn:hopae:issuer:ee:smartid", "authority_name": "SK ID Solutions AS", "is_government": false }, "claims": { "documentNumber": "PNOLT-40504040001-MOCK-Q", "birthdate": "1905-04-04", "countryCode": "LT", "givenName": "OK", "surname": "TESTNUMBER" }, "evidence": { "token": { "id_token": "", "expires_at": "2025-10-31T05:43:14.000Z", "access_token": "", "token_type": "Bearer" }, "names": "id_token;expires_at;access_token;token_type" } } ] }, "_metadata": { "verification_id": "3162dd47a26b4218b5fa708761889e44", "verified_at": "2025-10-28T06:20:36.992Z" } } } ``` ```json Match flow theme={null} { "sub": "dZwCCSTLVMlJlXKTgSERCsApC7OUnBKT", "amr": ["id-nik-match"], "provider_id": "id-nik-match", "verification_model": "match", "hopae_loa": 1, "hopae_loa_label": "none", "missing_claims": [], "user": null, "provenance": { "presentation": { "channel": { "type": "centralized_idp", "transport": "internet" }, "credentials": [ { "type": "id-nik-match", "claims": { "fullName": true, "dateOfBirth": true, "nationalIdNo": true }, "issuer": { "authority_name": "Directorate General of Population and Civil Registration (Dukcapil)", "is_government": true }, "evidence": { "token": { "integrator_jws": "eyJhbGciOiJSUzI1NiIsInR5cCI6...", "token_type": "integrator" }, "names": "integrator_jws;token_type" } } ] }, "_metadata": { "verification_id": "f34e2801c3914b3284f2829ea48eeafc", "verified_at": "2026-04-26T15:56:11.110Z", "status": "completed" } }, "match": { "matched": true, "granularity": "per_field", "submitted_fields": ["fullName", "dateOfBirth"], "details": { "fullName": { "matched": true, "submitted_value": "Test User" }, "dateOfBirth": { "matched": true, "submitted_value": "1990-01-01" } } } } ``` Evidence keys are provider-specific. Inspect `names` to determine which fields are present under `evidence.token`. For match providers, `provenance.presentation.credentials[].claims` carries the upstream IDP response verbatim — typically per-field boolean confirmation from the source authority. This is the audit record of what the source agreed with, not a duplicate of `match.details`.