Check User Profiles

1. Is user profile information correct at the source (authorization server)?
2. Generate and check the HAR file, look for an id_token.
   Before sharing a HAR file with anyone (including Auth0), ensure that you remove or obfuscate all sensitive data, such as:

   • Confidential user information
   • Personal identifiable information (PII)
   • Confidential application information

   To learn more, read the following articles on Auth0 Community:

   • Sanitizing HTTP Traces
   • How to Sanitize an HTTP Trace File Automatically
   • How to Manually Redact Sensitive Information
   • HAR File is Too Large to Upload to the Support Case
3. Decode the id_token at JWT.io to see if it has the correct information.
4. Check any custom database scripts or rule logic.
5. Check if you called /tokeninfo endpoint and have a custom domain configured within Auth0. If so, you need to use /userinfo endpoint instead
6. Check if you called /userinfo endpoint properly. You should pass an access token. You should call this endpoint with the default Auth0 domain even if the tenant has a custom domain enabled.
7. Check if you specified the correct scope to get an Access Token.

​

Learn more

• User Profiles
• Normalized User Profiles
• User Profile Structure