diff --git a/web/src/lib/auth.ts b/web/src/lib/auth.ts
index 0907cfb..f3bf3a0 100644
--- a/web/src/lib/auth.ts
+++ b/web/src/lib/auth.ts
@@ -4,16 +4,26 @@ import { logtoConfig } from './logto';
 
 export const getAuthenticatedUser = cache(async () => {
   try {
-    const context = await getLogtoContext(logtoConfig);
+    const context = await getLogtoContext(logtoConfig, { fetchUserInfo: true });
 
     if (!context.isAuthenticated || !context.claims?.sub) {
       return null;
     }
 
+    const { claims, userInfo } = context;
+
+    // Mirror the vitrine's display-name resolution (la-compagnie-maximus#80):
+    // prefer the userInfo endpoint over ID token claims, falling back to email
+    // in the layout. The `name` claim is often absent from the ID token while
+    // present in userInfo, which is why the user saw their email instead of "Max".
     return {
-      userId: context.claims.sub,
-      email: context.claims.email,
-      name: context.claims.name,
+      userId: claims.sub,
+      email: userInfo?.email || claims.email,
+      name:
+        userInfo?.name ||
+        userInfo?.username ||
+        claims.name ||
+        claims.username,
     };
   } catch (error) {
     console.error('[auth] getLogtoContext error:', error);