Process UserInfo Request
This API gathers information about a user.
authlete userinfo process [flags]
authlete userinfo process --service-id <id> --token Ntm9MDb8WXQAevqrBkd84KTTHbYHVQrTjgUZCOWqEUI
--body string Request body as JSON (alternative to individual flags). Can also be provided via stdin.
-c, --client-certificate string Client certificate used in the TLS connection established between the client application and the userinfo endpoint.
The value of this request parameter is referred to when the access token given to the userinfo endpoint was bound to
a client certificate when it was issued. See [OAuth 2.0 Mutual TLS Client Authentication and Certificate-Bound Access Tokens]
(https://datatracker.ietf.org/doc/rfc8705/) for details about the specification of certificate-bound access tokens.
--dpop DPoP DPoP header presented by the client during the request to the user info endpoint.
The header contains a signed JWT which includes the public key that is paired with the private key used to sign the JWT.
See [OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP)](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop)
for details.
--dpop-nonce-required nonce The flag indicating whether to check if the DPoP proof JWT includes the expected nonce value.
If this request parameter is set to `true` or if the service's `dpopNonceRequired` property is
set to `true`, the `/auth/userinfo` API checks if the DPoP proof JWT includes the expected `nonce`
value. In this case, the response from the `/auth/userinfo` API will include the `dpopNonce` response
parameter, which should be used as the value of the DPoP-Nonce HTTP header.
--headers string HTTP headers to be included in processing the signature. If this is a signed request, this must include the
Signature and Signature-Input headers, as well as any additional headers covered by the signature.
-h, --help help for process
--htm GET HTTP method of the user info request. This field is used to validate the DPoP header.
In normal cases, the value is either GET or `POST`.
--htu userInfoEndpoint URL of the user info endpoint. This field is used to validate the DPoP header.
If this parameter is omitted, the userInfoEndpoint property of the service is used as the default value.
See [OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP)](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop)
for details.
-m, --message string The HTTP message body of the request, if present.
-r, --request-body-contained The flag indicating whether the userinfo request contains a request body.
-s, --service-id string A service ID. [required]
--target-uri string The target URI of the userinfo request, including the query part, if any.
--token string An access token.
[required]
-u, --uri string The full URL of the userinfo endpoint.
--agent-mode Enable structured errors and default TOON output for AI coding agents. Automatically enabled when a known agent environment is detected (CLAUDE_CODE, CURSOR_AGENT, etc.). Use --agent-mode=false to disable.
--bearer Authorization: Bearer <token> Authenticate every request with a **Service Access Token** or **Organization Token**.
Set the token value in the Authorization: Bearer <token> header.
**Service Access Token**: Scoped to a single service. Use when automating service-level configuration or runtime flows.
**Organization Token**: Scoped to the organization; inherits permissions across services. Use for org-wide automation or when managing multiple services programmatically.
Both token types are issued by the Authlete console or provisioning APIs.
--color string Control colored output: auto (color when output is a TTY), always, or never. Respects NO_COLOR and FORCE_COLOR env vars. (default "auto")
-d, --debug Log request and response diagnostics to stderr
--dry-run Preview the request that would be sent without executing it (output to stderr)
-H, --header stringArray Set a custom HTTP request header (format: "Key: Value"). Can be specified multiple times.
--include-headers Include HTTP response headers in the output
-q, --jq string Filter and transform output using a jq expression (e.g., '.name', '.items[] | .id')
--no-interactive Disable all interactive features (auto-prompting, explorer auto-launch, TUI forms)
-o, --output-format string Specify the output format. Options: pretty, json, yaml, table, toon. (default "pretty")
--server string Select a server by index (for indexed servers) or name (for named servers)
--server-url string Override the default server URL
--timeout string HTTP request timeout (e.g., 30s, 5m, 100ms)
--usage Print the CLI Usage schema in KDL format
- authlete userinfo - Operations for userinfo