How to retrieve user info with Azure AD scopes and oidc-client.js?
I'm confused how I can get access tokens and user info details when using azure ad scopes with oidc-client.js.
I have the following scope against my app in the portal...
I then have my user manager settings set up as follows....
var settings: UserManagerSettings = {
authority: `https://login.microsoftonline.com/${tenantId}`,
client_id: clientId,
redirect_uri: "http://localhost:3000/authcallback",
post_logout_redirect_uri: "http://localhost:3000/authcallback",
response_type: "token id_token",
scope: `api://${clientId}/access_user_data openid`,
popup_redirect_uri: "http://localhost:3000/authcallback",
silent_redirect_uri: "http://localhost:3000/authcallback",
automaticSilentRenew: true,
loadUserInfo: true,
metadata: {
userinfo_endpoint: "https://graph.microsoft.com/oidc/userinfo",
authorization_endpoint: `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/authorize`,
issuer: `https://login.microsoftonline.com/${tenantId}/v2.0`,
jwks_uri: `https://login.microsoftonline.com/${tenantId}/discovery/v2.0/keys`
}
};
When I login with signinRedirect I get an access_token returned to my callback, however the call to https://graph.microsoft.com/oidc/userinfo fails with unauthorized when doing getUser().
oidc-client.min.js:1 GET https://graph.microsoft.com/oidc/userinfo 401 (Unauthorized)
The access token does appear to work with my api that requires the api://${clientId}/access_user_data scope.
The discovery document here lists the following available scopes
"scopes_supported": [
"openid",
"profile",
"email",
"offline_access"
]
Which I thought would have worked as I am also including the openid scope. Note that if I only have the openid scope like so scope: "openid", getUser() works, however it doesn't have the scope I need for calling my api.
What am I doing wrong here?
Thanks,
Had the Same issue after some research tried setting loadUserInfo to false that resolved my problem can please try the same
- Configuring spring-boot-starter-oauth2-client to authenticate with Azure AD
- Getting a token from Microsoft Intra ID with PostMan using MFA
- MSAL for non-SPA? Server side authentication?
- Error 403 User not authorized when trying to access Azure Databricks API through Active Directory
- Add Azure Active Directory User to Azure SQL Database
- How to use stored procedure parameters as dynamic content in copy activity using ADF
- Azure AD B2C error AADB2C90057 when I am NOT trying to use the implicit flow
- “That Microsoft account doesn’t exist” for Microsoft logins on Auth0
- You don’t have authorization to perform action 'Microsoft.Resources/deployments/validate/action'
- .Net Core - Use AzureAD/EntraID Authentication to Access Azure DevOps REST APIs
- Issue with Azure Automation Account and Key Vault Certificate Retrieval
- OpenAI remove key access while using AAD authentication
- Azure Tenant setup for .NET Blazor WASM calling Web API + Microsoft Graph
- Add tenant specific roles in Azure AD multitenant app
- Allow App Service to be called by just a test user and another App Service using a system assigned managed identity
- How to automatically refresh access token
- Access Token Issuer from Azure AD is sts.windows.net Instead Of login.microsoftonline.com
- How to get user's attributes from Identity in Blazor Server with organization authentication
- Correlation failed in net.core / asp.net identity / openid connect
- I'm unable to Login to VM with Azure AD user credentials
- I need to add co-organizer in teams meeting through graph api
- Entra ID - Adding actor claim to the token via client credential flow
- Roles for a SPA and API setup in Microsoft Intra ID
- Unable to patch businessPhones of Entra External ID user, Insufficient privileges to complete the operation
- How to create dynamic groups in AzureAD/EntraID from a csv import?
- Creating a user in Azure AD B2C through Microsoft SSO
- Azured AD JWT authentication doesn't work for Web API hosted in docker using TestContainer
- How do I connect locally to Azure SQL database with Microsoft Entra ID registered app in C#?
- How to fix 'Unable to Obtain Authentication Token' in Active Directory Authentication to Azure Analysis Server
- Error OrganizationFromTenantGuidNotFound and 401 Unauthorized when Sending Email via Microsoft Graph API in React App