<@U04UQ68083H> my userinfo endpoint is returning d...
# ory-copilot
q
@chilly-king-10285 my userinfo endpoint is returning data I don't know what it is...
```json
{
  "amr": ["password"],
  "aud": ["c9bcb333-9ed5-408a-8fc1-8bea51dce9cd"],
  "auth_time": 1721126303,
  "iat": 1721209753,
  "iss": "https://hydra.example.com",
  "rat": 1721209748,
  "sub": "97007fcd-fd0d-4ed8-82f0-cdf7a0ffb949"
}
```
How to obtain data like this according to my scopes?
```json
{
  "birthdate": "string",
  "email": "string",
  "email_verified": true,
  "family_name": "string",
  "gender": "string",
  "given_name": "string",
  "locale": "string",
  "middle_name": "string",
  "name": "string",
  "nickname": "string",
  "phone_number": "string",
  "phone_number_verified": true,
  "picture": "string",
  "preferred_username": "string",
  "profile": "string",
  "sub": "string",
  "updated_at": 0,
  "website": "string",
  "zoneinfo": "string"
}
```
c
A message from kapa.ai
The data you're seeing is the payload of an ID Token, which is returned by the OpenID Connect (OIDC) userinfo endpoint. This endpoint provides information about a user when a service provider presents an access token that has been issued by your Token endpoint. The scopes in the access token specify the user attributes that are returned in the response of the userinfo endpoint.

Here's a brief explanation of the fields in your payload:

- `amr`: (Authentication Methods References) It is an array of strings that are identifiers for authentication methods used in the authentication.
- `aud`: (Audience) It's the client identifier, or the recipient the token is intended for.
- `auth_time`: (Authentication Time) It's the time when the authentication occurred.
- `iat`: (Issued At) It's the time when the token was issued.
- `iss`: (Issuer) It's the server that issued the token.
- `rat`: (Request Time) It's the time when the request for token was made.
- `sub`: (Subject) It's the unique identifier for the user.

To obtain the user traits, you can call the userinfo endpoint using the Ory SDK in JavaScript. Here's an example of how to do it:
```javascript
import { Configuration, OidcApi } from "@ory/client"

// SDK client pointed at the Ory Network project
const ory = new OidcApi(
  new Configuration({
    basePath: `https://${process.env.ORY_PROJECT_SLUG}.projects.oryapis.com`,
    accessToken: process.env.ORY_API_KEY,
  }),
)

export async function getUserInfo(accessToken: string) {
  // Call the userinfo endpoint, passing the access token as a Bearer token
  const { data } = await ory.getOidcUserInfo({
    headers: { Authorization: "Bearer " + accessToken },
  })
  console.log(data.email)
}
```
In this example, we create a new instance of the Ory SDK with the `basePath` set to the URL of your Ory Network project. We then define an async function that calls the userinfo function with the `accessToken` passed as a parameter. The `data` contains the user attributes returned by the userinfo endpoint. For more details, you can refer to the [Ory documentation](https://www.ory.sh/docs/oauth2-oidc/userinfo-oidc).
q
@chilly-king-10285 how to retrieve all the scopes?
c
A message from kapa.ai
Scopes in OAuth 2.0 are used to define the permissions for the client application. They are included in the authorization request and are granted by the user. The granted scopes are then included in the access token. To retrieve all the scopes, you would typically look at the configuration of your OAuth 2.0 server where you defined the scopes that your application can request. In Ory, scopes are defined in the Ory Console when you set up your OAuth 2.0 clients. However, there isn't a direct way to retrieve all the scopes from the Ory APIs based on the provided knowledge sources. The scopes are usually defined during the OAuth 2.0 client registration process and are specific to each client application. For more details on how scopes work in Ory, you can refer to the [Ory documentation](https://www.ory.sh/docs/hydra/concepts/oauth2).
A message from kapa.ai
The data you're looking to obtain is user information that can be returned by the OpenID Connect (OIDC) userinfo endpoint. The specific data returned depends on the scopes that were requested and granted during the OAuth 2.0 authorization process. To obtain this data, you need to include the relevant scopes in your authorization request. For example, to get the user's email and whether it's verified, you would include the `email` scope. For the user's profile information, you would include the `profile` scope. Here's an example of how to call the userinfo endpoint using the Ory SDK in JavaScript:
```javascript
import { Configuration, OidcApi } from "@ory/client"

// SDK client pointed at the Ory Network project
const ory = new OidcApi(
  new Configuration({
    basePath: `https://${process.env.ORY_PROJECT_SLUG}.projects.oryapis.com`,
    accessToken: process.env.ORY_API_KEY,
  }),
)

export async function getUserInfo(accessToken: string) {
  // Call the userinfo endpoint, passing the access token as a Bearer token
  const { data } = await ory.getOidcUserInfo({
    headers: { Authorization: "Bearer " + accessToken },
  })
  console.log(data)
}
```
In this example, we create a new instance of the Ory SDK with the `basePath` set to the URL of your Ory Network project. We then define an async function that calls the userinfo function with the `accessToken` passed as a parameter. The `data` contains the user attributes returned by the userinfo endpoint. Remember, the specific data returned will depend on the scopes included in the access token used to call the userinfo endpoint. For more details, you can refer to the [Ory documentation](https://www.ory.sh/docs/oauth2-oidc/userinfo-oidc).