
How to get email from Microsoft Graph API oidc/userinfo endpoint


I have set up OAuth via Azure. I have received an authorization_code, which I have exchanged for an access_token. I am then attempting to use that access token to get userinfo data, including the email, as described in the docs (https://learn.microsoft.com/en-us/azure/active-directory/develop/userinfo). However, the response does not return the email to me.

{
    "sub": "<redacted>",
    "name": "John Doe",
    "family_name": "John",
    "given_name": "Doe",
    "picture": "https://graph.microsoft.com/v1.0/me/photo/$value"
}

The documentation suggests that in order for email to be returned in the response it requires the email scope. https://learn.microsoft.com/en-us/azure/active-directory/develop/userinfo#userinfo-response

However, I believe I am already specifying that I want the email scope.

App Permissions


/oauth2/v2.0/token (the scope shows profile, openid, email and user.Read)


What am I missing?


Solution

  • I tried to reproduce the same in my environment and got the below results:

    I created one Azure AD application and added API permissions as below:


    Now I generated the access token with the same scope as you, like below:

    POST https://login.microsoftonline.com/common/oauth2/v2.0/token
    client_id:app_id
    grant_type:authorization_code
    scope:https://graph.microsoft.com/User.Read
    client_secret:secret
    code:code
    redirect_uri:redirect_uri
    

    Response:


    I used the above token to get user info data and got a response without email, like below:

    GET https://graph.microsoft.com/oidc/userinfo
    

    Response:


    This is because the email field in the user's profile is not set. So, I updated the email field by editing the user's properties.

    Now I generated an access token again and used it to get user info data and got a response with email, like below:

    GET https://graph.microsoft.com/oidc/userinfo
    

    Response:

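
A diagnostic sketch for the two causes discussed on this page (the `email` scope not being granted versus the user's email property being empty), added here as an example and not part of the original question or answer. The sample responses are constructed, and the helper names `granted_scopes` and `diagnose_email` are hypothetical.

```python
# Constructed sample data modelled on the responses described above.
TOKEN_RESPONSE = {
    "token_type": "Bearer",
    "scope": "email openid profile https://graph.microsoft.com/User.Read",
    "access_token": "<redacted>",
}
USERINFO_NO_EMAIL = {"sub": "<redacted>", "name": "John Doe"}
USERINFO_WITH_EMAIL = {"sub": "<redacted>", "name": "John Doe",
                       "email": "john.doe@example.com"}


def granted_scopes(token_response):
    """Scopes actually granted, from the space-delimited `scope` field."""
    scopes = set()
    for scope in token_response.get("scope", "").split():
        # A scope may be returned fully qualified (resource URI prefix);
        # compare on the last path segment, case-insensitively.
        scopes.add(scope.rsplit("/", 1)[-1].lower())
    return scopes


def diagnose_email(token_response, userinfo):
    """Return (status, email) explaining why `email` is or is not present."""
    email = userinfo.get("email")
    if email:
        return "ok", email
    if "email" not in granted_scopes(token_response):
        # Consent for the email scope was never granted for this token.
        return "email_scope_not_granted", None
    # Scope is granted, so the claim is omitted because the user's
    # email property is empty (the case reproduced in the answer).
    return "user_email_property_empty", None


if __name__ == "__main__":
    for info in (USERINFO_NO_EMAIL, USERINFO_WITH_EMAIL):
        print(diagnose_email(TOKEN_RESPONSE, info))
```

Client code that consumes the userinfo response should treat `email` as optional and handle its absence rather than assume the claim is always present.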