I have setup oauth via azure, i have received an authorization_code which i have exchanged for an access_token. I am then attempting to use that access token to get userinfo data including the email as described in the docs (https://learn.microsoft.com/en-us/azure/active-directory/develop/userinfo). However in the response it does not return to me the email.
{
"sub": "<redacted>",
"name": "John Doe",
"family_name": "John",
"given_name": "Doe",
"picture": "https://graph.microsoft.com/v1.0/me/photo/$value"
}
The documentation suggests that in order for email to be returned in the response it requires the email scope. https://learn.microsoft.com/en-us/azure/active-directory/develop/userinfo#userinfo-response
However i believe i am already specifying that i want the email scope.
App Permissions
/oauth2/v2.0/token (the scope shows profile, openid, email and user.Read)
What am i missing?>
I tried to reproduce the same in my environment and got the below results:
I created one Azure AD application and added API permissions as below:
Now I generated the access token
with same scope as you like below:
POST https://login.microsoftonline.com/common/oauth2/v2.0/token
client_id:app_id
grant_type:authorization_code
scope:https://graph.microsoft.com/User.Read
client_secret:secret
code:code
redirect_uri:redirect_uri
Response:
I used the above token to get user info data and got response without email like below:
GET https://graph.microsoft.com/oidc/userinfo
Response:
This is because the email field in user's profile is not set. So, I updated email field by editing user's properties.
Now I generated access token again and used it to get user info data and got response with email like below:
GET https://graph.microsoft.com/oidc/userinfo
Response: