How to read AAD/Entra Properties of a User from an Azure Static Web App
We have an Azure Static Web App with integrated /api via Azure Function (linked backend). The frontend needs to know some properties of the authenticated user (like Job Title) but the /.auth/.me endpoint only provides the userId (Azure AAD GUID), userDetails (email) and userRoles.
How can we, either from the frontend (via fetch to some Azure AAD/Entra API) or the backend (c#) get more information about the logged-in user?
Note: Due to this missing feature, the frontend has no access to any access tokens.
Note: Azure Static Web Apps integrates authentication using Azure Active Directory (AAD) or other identity providers. When users authenticate, they receive a token that can be used to access APIs or other protected resources. However, the standard /.auth/me endpoint, which is used to get details about the authenticated user, does not currently return the access token itself.
- This means that if you want the frontend to access the user’s access token (which is necessary for calling backend APIs or services that require authentication), there is no direct way to retrieve it from
/.auth/me.
Hence as a workaround, you should make use of MSAL and generate the access token and then call Microsoft Graph API.
If the frontend does not have direct access to the necessary tokens, you can perform a request to the Microsoft Graph API from the Azure Function to retrieve additional information about the authenticated user.
- Get the User's Access Token in the Backend.
- Call the Microsoft Graph API to Get User Properties.
Make sure to add user.read API permission to the Microsoft Entra ID application:
And call the below query:
https://graph.microsoft.com/v1.0/me?$select=jobTitle,givenName,surname
- "Schema" property not found in Postgres Connector
- Downloading file from Azure blob storage via Memory Stream
- Reading env variable from template.yaml
- HTTP Error 500.30 - ASP.NET Core app failed to start - Azure
- Azure DevOps Pipelines: TerraformTaskV4: init with different subscription and Workflow Identity Federation
- Enabling HTTPS for a Azure blob static website
- How to search across many Azure Devops Git project and find all files which contain specific text AND which filename contains "Resource"
- Hosting SPA with Static Website option on Azure Blob Storage (clean URLs and Deep links)
- Using Managed Identity to Access Azure OpenAI Service
- Azure data factory not loading
- Transfer encrypted dataprotection keys from a windows vm to azure keyvault
- Refresh powerBI data with additional column
- Azure Application Insights AKS - How to Create 1 custom alert rule which will trigger multiple alerts, but with different names (per pod name)?
- gRPC and REST side by side in Azure App Service, Linux Container
- Connecting to a SignalR WSS stream but not getting the response i am looking for
- SignalR prevent user from opening multiple sessions in different tabs
- Application Insights -_logger.LogInformation
- CosmosDB is not allowing serverless capabalities to NoSQL, it says I must use CapacityMode
- Azure Webapp / Website Swap : HTTP Ping Error
- Microsoft Graph API - Update phoneMethods is no longer working
- Use Azure Key Vault secret in Header section of Web Activity
- Azure Storage blob getting the io.netty.channel.StacklessClosedChannelException while generating /downloading the from SasUrl
- How do I save and later load Azure AnalyzeResult object in python?
- Office 365 Exchange Online permission is not visible for registered application in azure active directory
- Azure ADF - HTTP : Table from list
- Self hosted azure devops build agent not getting tool from $PATH
- Azure devops pipeline stages template nesting
- Azure APIM is returning the incorrect HTTP response error when call is missing mandatory querystring parameter
- Azure DevOps build pipeline logid for a specific task - dynamically
- PS script to fetch the list non-compliance resource list with respect to policy from multiple subscriptions