
Feature request: Return user identifier in OAuth Auth-Code token response #224

@exytab

Description

Problem

When using the OAuth Authorization Code flow, the /v1/oauth/token response (generateTokenSuccessResponse) does not include any unique user identifier (e.g., UPS Profile ID, UPS.com username, or associated UPS Account Number).

This makes it impossible for third-party applications to programmatically distinguish which UPS user authorized the token.

Use case

We are building an application where multiple UPS users connect their accounts via the Auth-Code flow. After receiving the access token, we need to know which UPS user (or UPS account) it belongs to, in order to:

  1. Prevent duplicate connections (same UPS account linked twice)
  2. Distinguish between different users' tokens in our database
  3. Detect if a user re-authorizes with a different UPS account

Current workaround

There is none. The token response only contains token metadata and client_id (which is our app's ID, not the user's). There is no /userinfo or /me endpoint to retrieve the authenticated user's identity.

Proposed solution

Either:

  • Include a unique user identifier (e.g., ups_user_id or account_numbers) in the /v1/oauth/token response
  • Or provide a separate API endpoint (e.g., /v1/user/profile) that returns the authenticated user's identity when called with a valid access token

This is a standard practice in OAuth implementations (e.g., Google's /userinfo, GitHub's /user endpoint).
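Added illustration (not part of the issue or of the UPS API): the client-side bookkeeping the three use cases above require, assuming a hypothetical identity endpoint in the spirit of the proposed /v1/user/profile that returns a stable `ups_user_id` for a bearer token. All token and profile values are constructed; the endpoint is simulated by an injected callable so the code runs offline.

```python
from dataclasses import dataclass, field

@dataclass
class LinkStore:
    """Local linkage state: who owns which UPS identity, and the token per identity."""
    owner_of: dict = field(default_factory=dict)   # local_user -> ups_user_id
    token_for: dict = field(default_factory=dict)  # ups_user_id -> access_token

def identity_from_token(token_response):
    """Return a user identifier carried in the token response, if any.
    Today it has none: client_id names the app, not the person who authorized it,
    so this returns None for a real /v1/oauth/token response."""
    return token_response.get("ups_user_id")  # hypothetical field, absent today

def fake_profile_endpoint(token_to_profile):
    """Simulates GET /v1/user/profile (hypothetical): the identity is resolved from
    the bearer token itself, never from client-supplied input."""
    def fetch_profile(access_token):
        if access_token not in token_to_profile:
            raise PermissionError("401: unknown or expired access token")
        return token_to_profile[access_token]
    return fetch_profile

def link_account(store, local_user, token_response, fetch_profile):
    """Bind the token to a stable UPS identity and classify the attempt:
    'linked', 'refreshed', 'duplicate' (use case 1), or 'switched_account' (use case 3).
    Keying token_for by ups_user_id is what makes use case 2 possible."""
    ups_user_id = identity_from_token(token_response)
    if ups_user_id is None:
        ups_user_id = fetch_profile(token_response["access_token"])["ups_user_id"]
    previous = store.owner_of.get(local_user)
    if previous == ups_user_id:
        store.token_for[ups_user_id] = token_response["access_token"]  # same account, new token
        return "refreshed"
    if ups_user_id in store.token_for:
        return "duplicate"  # this UPS account is already linked; reject the second link
    if previous is not None:
        del store.token_for[previous]  # user re-authorized with a different UPS account
        result = "switched_account"
    else:
        result = "linked"
    store.owner_of[local_user] = ups_user_id
    store.token_for[ups_user_id] = token_response["access_token"]
    return result

# Constructed sample data: two tokens for UPS user U1, one for U2.
PROFILES = {"tok-A": {"ups_user_id": "U1"}, "tok-B": {"ups_user_id": "U1"}, "tok-C": {"ups_user_id": "U2"}}

def token_response(token):
    """Constructed /v1/oauth/token shape: token metadata plus the app's client_id only."""
    return {"access_token": token, "token_type": "Bearer", "expires_in": 14399, "client_id": "our-app-id"}
```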
