The OpenID Connect (OIDC) userinfo endpoint is indeed a protected resource that provides information about a user when a service provider presents an access token that has been issued by your Token endpoint. The scopes in the access token specify the user attributes that are returned in the response of the userinfo endpoint. The

openid

scope must be one of the access token claims. If the userinfo endpoint does not have an

iss

claim and you get an "issuer not set in claims" error, you might want to check the scopes you are requesting. Make sure that the

openid

scope is included in your request. In Ory, you can call the userinfo endpoint using the Ory SDK in JavaScript. Here is an example of how to do it:

javascript import { Configuration, OidcApi } from "@ory/client"      const ory = new OidcApi(    new Configuration({    basePath: `https://${process.env.ORY_PROJECT_SLUG}.<http://projects.oryapis.com|projects.oryapis.com>`,    accessToken: process.env.ORY_API_KEY,    }),   )      export async function getUserInfo(accessToken: string) {    const { data } = await ory.getOidcUserInfo({    headers: { Authorization: "Bearer " + accessToken },    })    console.log(data.email)   }

In this example, a new instance of the Ory SDK is created with the

basePath

set to the URL of your Ory Network project. An async function is then defined that calls the userinfo function with the

accessToken

passed as a parameter. The

data

contains the user attributes returned by the userinfo endpoint. For more information, you can refer to the [Ory documentation](https://www.ory.sh/docs/oauth2-oidc/userinfo-oidc).