diff --git a/epdb/views.py b/epdb/views.py
index 6782c18e..d9e94acf 100644
--- a/epdb/views.py
+++ b/epdb/views.py
@@ -8,6 +8,7 @@ from django.http import JsonResponse, HttpResponse, HttpResponseNotAllowed, Http
 from django.shortcuts import render, redirect
 from django.views.decorators.csrf import csrf_exempt
 from envipy_additional_information import NAME_MAPPING
+from oauth2_provider.decorators import protected_resource
 
 from utilities.chem import FormatConverter, IndigoUtils
 from utilities.decorators import package_permission_required
@@ -2220,16 +2221,14 @@ def depict(request):
         return HttpResponseBadRequest()
 
 
-from django.contrib.auth.decorators import login_required
-from django.http import JsonResponse
-
-@login_required
+@protected_resource()
 def userinfo(request):
-    user = request.user
-    return JsonResponse({
+    user = request.resource_owner
+    res = {
         "sub": str(user.uuid),
         "email": user.email,
         "username": user.username,
         "name": user.get_full_name() or user.username,
         "email_verified": user.is_active,
-    })
\ No newline at end of file
+    }
+    return JsonResponse(res)