Jun 01 2021
04:32 AM
- last edited on
Jan 14 2022
03:27 PM
by
TechCommunityAP
Hi,
Our working setup stopped working sometime at the end of May (not sure of the exact date). We request a token from the authorization endpoint https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/authorize with the following scopes: "openid User.read profile".
We then issue a request to https://graph.microsoft.com/oidc/userinfo with the header Authorization: Bearer <TOKEN> and get:
{
  "error": {
    "code": "BadRequest",
    "message": "{\r\n \"error\":{\r\n \"code\":\"UndefinedScope\",\"message\":\"Exception of type 'Microsoft.Fast.Profile.Core.Exception.ProfileBadRequestException' was thrown.\"\r\n }\r\n}",
    "innerError": {
      "date": "2021-06-01T10:52:35",
      "request-id": "32aeff66-a806-4732-bbba-6872994ef2f7",
      "client-request-id": "32aeff66-a806-4732-bbba-6872994ef2f7"
    }
  }
}
This used to work for all users. Our app is configured to accept "Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)".
This works for professional accounts in my tenant ID, but it doesn't work for personal accounts (tenant ID 9188040d-6c67-4c5b-b112-36a304b66dad).
Can you offer any advice? Thanks in advance.
Jun 03 2021 01:06 PM
@jonenst , I had this same issue, and I found a workaround.
I used this end point instead to get the user info, and it worked https://graph.microsoft.com/v1.0/me
The object returned is slightly different property-name-wise, but I'm able to get data from it with my personal account.
Hope this helps.
Jun 07 2021 05:56 AM
Hi, thanks for the reply. Nice to know I'm not the only one.
I just tested https://graph.microsoft.com/v1.0/me and indeed it returns my name and some other things.
However, I can't use it because my code is not specific to Azure's OIDC provider. My code only gets the user_info endpoint from the https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration document and uses that.
Do you know if I can report this to the team running "https://graph.microsoft.com/oidc/userinfo"?
Thanks a lot.
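The two posts above describe a generic client that takes userinfo_endpoint from the provider's discovery document, and a workaround that calls https://graph.microsoft.com/v1.0/me instead. The following is an added example (my own code, not from the thread or from Microsoft) that combines both: it discovers the endpoint from a constructed copy of the relevant discovery keys, calls it through an injectable http_get(url, headers) transport so it runs offline, unpacks Graph's error body (the inner error is a second JSON document nested as a string in error.message, exactly as quoted in the first post), and only then falls back to /v1.0/me. Assumptions: the HTTP status for the quoted error was 400, the fake transport's /v1.0/me payload, and the mapping of Graph properties onto standard userinfo claim names in graph_me_to_claims are all mine and not stated in the thread.

```python
"""Provider-agnostic OIDC userinfo lookup with a Graph-specific fallback.

Added example, not code from the thread. Transport is injected so the whole
thing runs offline; every sample payload below is constructed.
"""
import json
from typing import Any, Callable, Dict, Tuple

HttpGet = Callable[[str, Dict[str, str]], Tuple[int, str]]

# Constructed subset of the keys found in
# https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
DISCOVERY_DOC: Dict[str, Any] = {
    "issuer": "https://login.microsoftonline.com/{tenantid}/v2.0",
    "authorization_endpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
    "token_endpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/token",
    "userinfo_endpoint": "https://graph.microsoft.com/oidc/userinfo",
}
GRAPH_ME_ENDPOINT = "https://graph.microsoft.com/v1.0/me"  # workaround from the thread
CONSUMER_TENANT_ID = "9188040d-6c67-4c5b-b112-36a304b66dad"  # personal-account tenant from the thread

# Constructed copy of the error body quoted in the first post. Graph nests a
# second JSON document, as an escaped string with \r\n, inside error.message.
GRAPH_ERROR_BODY = json.dumps({
    "error": {
        "code": "BadRequest",
        "message": json.dumps({"error": {
            "code": "UndefinedScope",
            "message": "Exception of type 'Microsoft.Fast.Profile.Core.Exception."
                       "ProfileBadRequestException' was thrown.",
        }}, indent=1).replace("\n", "\r\n"),
        "innerError": {
            "date": "2021-06-01T10:52:35",
            "request-id": "32aeff66-a806-4732-bbba-6872994ef2f7",
            "client-request-id": "32aeff66-a806-4732-bbba-6872994ef2f7",
        },
    }
})


def discover_userinfo_endpoint(discovery: Dict[str, Any]) -> str:
    """Read userinfo_endpoint from provider metadata; a bearer token only ever goes over https."""
    endpoint = discovery.get("userinfo_endpoint")
    if not isinstance(endpoint, str) or not endpoint.startswith("https://"):
        raise ValueError("discovery document has no https userinfo_endpoint")
    return endpoint


def parse_graph_error(body: str) -> Dict[str, str]:
    """Flatten a Graph error into outer code, inner code (from the nested JSON string) and request id."""
    try:
        outer = json.loads(body).get("error", {})
    except (ValueError, AttributeError):
        outer = {}
    inner_code = ""
    try:
        inner_code = json.loads(outer.get("message", "")).get("error", {}).get("code", "")
    except (ValueError, AttributeError):
        pass  # message was plain text rather than nested JSON
    return {
        "code": outer.get("code", ""),
        "inner_code": inner_code,
        "request_id": outer.get("innerError", {}).get("request-id", ""),
    }


def graph_me_to_claims(me: Dict[str, Any]) -> Dict[str, Any]:
    """Map /v1.0/me properties onto standard userinfo claim names (assumed mapping)."""
    return {
        "sub": me.get("id"),
        "name": me.get("displayName"),
        "given_name": me.get("givenName"),
        "family_name": me.get("surname"),
        "preferred_username": me.get("userPrincipalName"),
        "email": me.get("mail") or me.get("userPrincipalName"),
    }


def fetch_userinfo(access_token: str, discovery: Dict[str, Any],
                   http_get: HttpGet) -> Tuple[Dict[str, Any], str]:
    """Call the discovered userinfo endpoint; return (claims, endpoint actually used)."""
    endpoint = discover_userinfo_endpoint(discovery)
    headers = {"Authorization": "Bearer " + access_token, "Accept": "application/json"}
    status, body = http_get(endpoint, headers)
    if status == 200:
        return json.loads(body), endpoint
    err = parse_graph_error(body)
    # Fall back only when the discovered endpoint already lives on graph.microsoft.com:
    # the token must never be replayed to a host the metadata did not name.
    on_graph = endpoint.startswith("https://graph.microsoft.com/")
    if on_graph and err["inner_code"] == "UndefinedScope":
        status, body = http_get(GRAPH_ME_ENDPOINT, headers)
        if status == 200:
            return graph_me_to_claims(json.loads(body)), GRAPH_ME_ENDPOINT
    raise RuntimeError(f"userinfo failed: HTTP {status} {err['code']}/{err['inner_code']} "
                       f"request-id={err['request_id']}")


def fake_graph(url: str, headers: Dict[str, str]) -> Tuple[int, str]:
    """Constructed offline transport reproducing what the thread saw for a personal account."""
    if not headers.get("Authorization", "").startswith("Bearer "):
        return 401, ""
    if url == "https://graph.microsoft.com/oidc/userinfo":
        return 400, GRAPH_ERROR_BODY
    if url == GRAPH_ME_ENDPOINT:
        return 200, json.dumps({"id": "00000000-0000-0000-0000-000000000000",
                                "displayName": "Jane Doe", "givenName": "Jane", "surname": "Doe",
                                "mail": None, "userPrincipalName": "jane.doe@example.com"})
    return 404, ""


if __name__ == "__main__":
    claims, used = fetch_userinfo("<TOKEN>", DISCOVERY_DOC, fake_graph)
    print(used, claims)
```

Swapping fake_graph for a real transport (for example a small wrapper around urllib.request that returns status and body) is all that is needed to run it against the live endpoints; the error parser is what turns the opaque BadRequest into the UndefinedScope code worth logging alongside the request-id when reporting the problem.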
Jun 07 2021 07:04 AM
@jonenst it sounds like this will need to be addressed on the Microsoft side if you're constrained by the values from the config document.
Unfortunately, I'm not aware of what the process to formally report it is.
Cheers,
Demetree
Sep 15 2021 02:49 AM
Testing again, it works now. Apparently it was fixed this summer on their server.