OpenEMR v7.0 "oauth2/default/userinfo" endpoint returns 200 with no user information

I’m currently working on integrating OpenEMR with my application using OAuth2. Everything seems to be functioning correctly, except for one critical issue. When I make a request to the /oauth2/default/userinfo endpoint, it returns a status code 200, but I don’t receive any user information in the response.

My goal is to identify the user who is currently logged in to my application so that I can save certain preferences specific to that user.

Here is a simplified version of my OAuth2 flow:

  1. The user logs in through OpenEMR’s OAuth2 authentication.
  2. After successful authentication, my application requests user information from /oauth2/default/userinfo.
  3. Instead of receiving user details, I get an empty response with a 200 status code.

I’ve double-checked my OAuth2 configuration, and it seems to be set up correctly. Is there something specific I need to do to ensure that the /oauth2/default/userinfo endpoint returns the user’s information?

Any guidance on how to resolve this issue or suggestions for troubleshooting would be greatly appreciated. Thank you!

I haven’t done much with the userinfo endpoint but I do know you can use the id_token to grab a bunch of the user info. Have you looked into using that?

@sjpadgett might be able to chime in on the /userinfo as he put together the OIDC endpoints for OpenEMR.

Thank you for your prompt response!

Could you share a guide or example for using the id_token to extract user info?

I don’t recall implementing the user info endpoint. I currently have no plans to do so; however, if someone wants to push a PR, I’d be more than happy to look it over.
As far as I’m concerned this is the purpose for the ID token. A web search can provide how to decode that token.
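
An added example, not part of the thread and not OpenEMR's own code: a client verifying the id_token discussed above before using its `sub` claim to key per-user preferences. It assumes an RS256-signed token and that the client already holds the server's JWKS; the issuer URL, client id, key id and sample token are constructed for the demo.

```javascript
const crypto = require('node:crypto');

// Decode one base64url JWT segment into a parsed JSON object.
const decodeSegment = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Verify an OIDC id_token and return its claims. `jwks` is the server's key set;
// `issuer` and `clientId` are the values this client expects (caller-supplied).
function verifyIdToken(idToken, jwks, issuer, clientId, now = Math.floor(Date.now() / 1000)) {
  const parts = idToken.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = decodeSegment(h);
  // Pin the algorithm so the token cannot select "none" or an HMAC variant.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const jwk = jwks.keys.find((k) => k.kid === header.kid && k.kty === 'RSA');
  if (!jwk) throw new Error('unknown signing key');
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = decodeSegment(p);
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(clientId)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('token expired');
  return claims;
}

// Constructed sample: a throwaway key pair stands in for the server's signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const SAMPLE_JWKS = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'sample-key' }] };
const ISSUER = 'https://emr.example.test/oauth2/default'; // constructed placeholder
const CLIENT_ID = 'sample-client-id'; // constructed placeholder

function makeSampleToken(claims, header = { alg: 'RS256', typ: 'JWT', kid: 'sample-key' }) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const signingInput = `${enc(header)}.${enc(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

const sampleToken = makeSampleToken({
  iss: ISSUER, aud: CLIENT_ID, sub: 'constructed-user-id', exp: 4102444800,
});
const claims = verifyIdToken(sampleToken, SAMPLE_JWKS, ISSUER, CLIENT_ID);
console.log('key preferences on:', claims.sub);
```

If the authorization request carried a `nonce`, also compare `claims.nonce` against the value the client sent.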