Fix token-info display and improve update-profile error handling

- Fix token-info table output to correctly extract email from JWT token
  fields (username/sub) instead of showing N/A
- Add user's full name to token-info display when available
- Improve update-profile error message for user ID mismatch to clearly
  explain the self-service limitation
- Update user-guide.md documentation to match actual CLI behavior and
  document the update-profile limitation

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Kevin Stanley <stanleyk@objectcomputing.com>

Author: stanleykc

unityauth-cli/docs/user-guide.md

@@ -227,9 +227,10 @@ unityauth token-info
 | Field | Description |
 |-------|-------------|
 | Email | Authenticated user's email |
-| API URL | Current API endpoint |
-| Token Status | Valid/Expired/Not Found |
-| Expires | Token expiration time (if available) |
+| Name | User's full name (if available) |
+| API Endpoint | Current API endpoint |
+| Authenticated | Yes (shown when authenticated) |
+| Token Expires | Token expiration time (Unix timestamp) |
 
 **Examples:**
 
@@ -241,6 +242,24 @@ unityauth token-info
 unityauth token-info -o json
 ```
 
+**Sample Output:**
+
+```
++---------------+-------------------------+
+| Field         | Value                   |
++===============+=========================+
+| Email         | admin@example.com       |
++---------------+-------------------------+
+| Name          | Admin User              |
++---------------+-------------------------+
+| API Endpoint  | https://auth.example.com|
++---------------+-------------------------+
+| Authenticated | Yes                     |
++---------------+-------------------------+
+| Token Expires | 1767196697              |
++---------------+-------------------------+
+```
+
 ---
 
 ## Configuration Commands
@@ -494,10 +513,14 @@ unityauth user update-profile USER_ID [OPTIONS]
 **Behavior:**
 
 - This is a **self-service** command: you can only update your own profile
-- The `USER_ID` must match your authenticated user ID
+- The `USER_ID` must match your authenticated user ID exactly
 - At least one option must be provided
 - Only the specified fields are updated; others remain unchanged
 
+**Important Limitation:**
+
+This command cannot be used by administrators to update other users' profiles. The backend enforces that the authenticated user can only modify their own account. To update another user's name or password, use the web interface or API directly.
+
 **Examples:**
 
 ```bash
@@ -524,7 +547,7 @@ unityauth user update-profile 5 --dry-run --first-name John --last-name Smith
 
 | Error | Cause | Solution |
 |-------|-------|----------|
-| "Permission denied" | User ID doesn't match authenticated user | Use `token-info` to find your user ID |
+| "User ID mismatch" | The user ID doesn't match your authenticated user | Use `token-info` to find your correct user ID. You can only update your own profile. |
 | "At least one field must be provided" | No options specified | Provide `--first-name`, `--last-name`, or `--password` |
 | "Password must be at least 8 characters" | Password too short | Use a longer password |
 

unityauth-cli/src/unityauth_cli/commands/login.py

@@ -167,14 +167,30 @@ def token_info(ctx: CLIContext, client: UnityAuthAPIClient) -> None:
         if ctx.output_format == 'json':
             console.print(format_json(response))
         else:
-            # Extract key fields for table display
+            # Extract email from various possible fields
+            email = (
+                response.get('username') or
+                response.get('sub') or
+                response.get('email') or
+                response.get('userEmail', 'N/A')
+            )
+
+            # Extract name if available
+            first_name = response.get('first_name', '')
+            last_name = response.get('last_name', '')
+            full_name = f"{first_name} {last_name}".strip() if first_name or last_name else None
+
+            # Build display data
             display_data = {
-                'User Email': response.get('email') or response.get('userEmail', 'N/A'),
-                'User ID': response.get('userId') or response.get('id', 'N/A'),
-                'API Endpoint': ctx.api_url,
-                'Authenticated': 'Yes',
+                'Email': email,
             }
 
+            if full_name:
+                display_data['Name'] = full_name
+
+            display_data['API Endpoint'] = ctx.api_url
+            display_data['Authenticated'] = 'Yes'
+
             # Add expiration if present
             if 'exp' in response or 'expiration' in response:
                 exp = response.get('exp') or response.get('expiration')

unityauth-cli/src/unityauth_cli/commands/users.py

@@ -342,6 +342,21 @@ def update_profile(
             "Use 'unityauth token-info' to see your user details."
         )
         sys.exit(3)
+    except ValidationError as e:
+        error_msg = str(e).lower()
+        # Check for user ID mismatch error from backend
+        if "mismatch" in error_msg or "bad request" in error_msg:
+            error(
+                "User ID mismatch: You can only update your own profile",
+                f"The user ID {user_id} does not match your authenticated user.\n\n"
+                "To find your user ID:\n"
+                "  $ unityauth token-info\n\n"
+                "Note: 'update-profile' is a self-service command. To update another\n"
+                "user's details, an administrator must use the web interface or API directly."
+            )
+        else:
+            error(str(e))
+        sys.exit(1)
     except Exception as e:
         handle_error(e)