Forum Discussion
400 Bad Request UndefinedScope ProfileBadRequestException on /oidc/userinfo for some users
Hi,
Our working setup stopped working sometime at the end of May (not sure of the exact date). We request a token from the authorization endpoint https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/authorize with the following scopes: "openid User.read profile".
We then issue a request to https://graph.microsoft.com/oidc/userinfo with the Authorization: Bearer <TOKEN> and get:
{
  "error": {
    "code": "BadRequest",
    "message": "{\r\n \"error\":{\r\n \"code\":\"UndefinedScope\",\"message\":\"Exception of type 'Microsoft.Fast.Profile.Core.Exception.ProfileBadRequestException' was thrown.\"\r\n }\r\n}",
    "innerError": {
      "date": "2021-06-01T10:52:35",
      "request-id": "32aeff66-a806-4732-bbba-6872994ef2f7",
      "client-request-id": "32aeff66-a806-4732-bbba-6872994ef2f7"
    }
  }
}
This used to work for all users. Our app is configured to accept "Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)".
This works for professional accounts on my tenantid, but it doesn't work for personal accounts (tenantid 9188040d-6c67-4c5b-b112-36a304b66dad).
Can you offer any advice? Thanks in advance.
- Demetree (Copper Contributor)
jonenst, I had this same issue, and I found a workaround.
I used this endpoint instead to get the user info, and it worked: https://graph.microsoft.com/v1.0/me
The object returned is slightly different property-name-wise, but I'm able to get data from it with my personal account.
Hope this helps.
- jonenst (Copper Contributor)
Hi, thanks for the reply. Nice to know I'm not the only one.
I just tested https://graph.microsoft.com/v1.0/me and indeed it returns my name and some other things. However, I can't use it because my code is not specific to Azure's OIDC provider. My code only gets the user_info endpoint from the https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration document and uses that.
Do you know if I can report this to the team running "https://graph.microsoft.com/oidc/userinfo"?
Thanks a lot
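
Added example, not code from either poster or from Microsoft: the error body quoted in the first post carries a second JSON document as an escaped string inside "message", so a provider-agnostic OIDC client that logs only the outer "code" records BadRequest and misses UndefinedScope. The helper below (function and field names are hypothetical) unwraps the nested error and keeps the request-id for a support report; the sample body is the one quoted in the thread.

```python
import json

# Error body as quoted in the first post of this thread.
SAMPLE_BODY = r'''{
  "error": {
    "code": "BadRequest",
    "message": "{\r\n \"error\":{\r\n \"code\":\"UndefinedScope\",\"message\":\"Exception of type 'Microsoft.Fast.Profile.Core.Exception.ProfileBadRequestException' was thrown.\"\r\n }\r\n}",
    "innerError": {
      "date": "2021-06-01T10:52:35",
      "request-id": "32aeff66-a806-4732-bbba-6872994ef2f7",
      "client-request-id": "32aeff66-a806-4732-bbba-6872994ef2f7"
    }
  }
}'''


def unwrap_userinfo_error(body, max_depth=3):
    """Return outer code, innermost code, request id and detail of a userinfo error body."""
    result = {"outer_code": None, "inner_code": None, "request_id": None, "detail": None}
    try:
        doc = json.loads(body)
    except ValueError:
        result["detail"] = body[:200]  # not JSON: keep a bounded excerpt for the log
        return result
    err = doc.get("error") if isinstance(doc, dict) else None
    if isinstance(err, str):  # plain OAuth-style {"error": "...", "error_description": "..."}
        result["outer_code"] = result["inner_code"] = err
        result["detail"] = doc.get("error_description")
        return result
    if not isinstance(err, dict):
        result["detail"] = body[:200]
        return result
    inner = err.get("innerError")
    result["outer_code"] = result["inner_code"] = err.get("code")
    result["request_id"] = inner.get("request-id") if isinstance(inner, dict) else None
    result["detail"] = err.get("message")
    # Follow messages that are themselves JSON error documents, with a depth bound.
    for _ in range(max_depth):
        try:
            nested = json.loads(result["detail"])["error"]
            code, message = nested["code"], nested.get("message")
        except (ValueError, TypeError, KeyError, AttributeError):
            break
        result["inner_code"], result["detail"] = code, message
    return result
```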