The description of the EduRoster.ReadBasic scope says:
Allows the app to read a limited subset of the properties from the structure of schools and classes in an organization's roster and a limited subset of properties about users to be read on behalf of the user. Includes name, status, education role, email address and photo.
I'm trying to pull the photos of students using this scope, as I already have access to it in my application, so it would save me having to request additional scopes. However, in all of the education APIs (eg Get educationUser) I cannot see any properties to retrieve a photo.
When I try to call Get profilePhoto I am told I do not have the correct scopes to make this call.
Do I need to call a different education API (if so can you point me in this direction), or is the description for EduRoster.ReadBasic just wrong and need fixing?
The educationUser resource doesn't include profile pictures. Profile pictures are represented by a profilePhoto resource that is accessible through an AAD user.
To get the photo for the current user, you can use /me/photo/$value. The minimum scope required for the operation is User.Read.
If you want to get a photo for another user, you can use /users/{id|upn}/photo/$value. The minimum scope required for this operation is User.ReadBasic.All.
You can also request a specific size or retrieve the metadata from this endpoint. Details on this can be found in the documentation for Get profilePhoto.