Wrong user retrieved from rest/v2/userInfo


After the user retrieves the accesToken ı’m getting the userId from /rest/v2/userInfo but there’s an error.
It’s random if it’s the right user, anonymous or admin who is retrieved.

How is this happening? now I have to check if the “login” that a get from /userInfo is the same as the user typed in and do a recursive call until the “login” is correct.

Do you pass the Authorization header with the correct token value when you request the /userInfo endpoint?