diff --git a/pillar/api/users/hooks.py b/pillar/api/users/hooks.py
index 68468f37..6a285ccf 100644
--- a/pillar/api/users/hooks.py
+++ b/pillar/api/users/hooks.py
@@ -102,7 +102,7 @@ def after_fetching_user(user):
 return
 # Remove all fields except public ones.
- public_fields = {'full_name', 'email'}
+ public_fields = {'full_name', 'username', 'email'}
 for field in list(user.keys()):
 if field not in public_fields:
 del user[field]
diff --git a/pillar/web/subquery.py b/pillar/web/subquery.py
index c5f2597e..c7d21a9b 100644
--- a/pillar/web/subquery.py
+++ b/pillar/web/subquery.py
@@ -9,9 +9,9 @@ from pillar.web.system_util import pillar_api
 def get_user_info(user_id):
- """Returns email & full name of the user.
+ """Returns email, username and full name of the user.
- Only returns those two fields, so the return value is the same
+ Only returns the public fields, so the return value is the same
 for authenticated & non-authenticated users, which is why we're allowed to cache it globally.
@@ -26,7 +26,8 @@ def get_user_info(user_id):
 return {}
 return {'email': user.email,
- 'full_name': user.full_name}
+ 'full_name': user.full_name,
+ 'username': user.username}
 def setup_app(app):
diff --git a/tests/test_api/test_auth.py b/tests/test_api/test_auth.py
index eeace119..c938334b 100644
--- a/tests/test_api/test_auth.py
+++ b/tests/test_api/test_auth.py
@@ -11,7 +11,7 @@ from pillar.tests import AbstractPillarTest, TEST_EMAIL_USER, TEST_EMAIL_ADDRESS
 from pillar.tests.common_test_data import EXAMPLE_NODE
 from werkzeug.exceptions import Forbidden
-PUBLIC_USER_FIELDS = {'full_name', 'email'}
+PUBLIC_USER_FIELDS = {'full_name', 'email', 'username'}
 # Use the example project with some additional permissions for these tests.
 EXAMPLE_PROJECT = copy.deepcopy(ctd.EXAMPLE_PROJECT)
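Review bot: The allowlist in `after_fetching_user` (pillar/api/users/hooks.py) now leaves `username` next to `email` in every user document that reaches this filtering branch, and the `get_user_info` docstring suggests that includes non-authenticated callers. The condition behind the early `return` above it is outside the hunk, so who actually skips the filter cannot be confirmed from here. If usernames also serve as login identifiers, publishing them together with e-mail addresses makes account enumeration easier, so the intent deserves a comment on the set, for example `# Visible to all callers, authenticated or not; keep in sync with get_user_info() in pillar/web/subquery.py`. The same set is repeated as `PUBLIC_USER_FIELDS` in tests/test_api/test_auth.py; a module-level constant in hooks.py that the test imports would stop the copies from drifting apart.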
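Review bot: In the second hunk of pillar/web/subquery.py, the dict returned by `get_user_info` gains a `'username'` key, but the docstring says this result is cached globally, so entries cached before the change will presumably lack the key until they expire. The `return {}` path above it never has the key either. Consumers should therefore read it with `info.get('username')` rather than `info['username']`, and the docstring could add a line such as `The dict may be empty, and cached entries may predate newly added keys.` The function body starts outside this hunk, so the cache lifetime and the lookup that produces `user` are not visible here.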