Allow external guests to view profile pictures

Occasional Contributor

We're using SharePoint Online as a portal for our clients and would like the client's to be able to see the Office 365 profile pictures of our employees. I'm using PnPjs to retrieve the photo and it works fine when our employees are logged. They can view profile pictures of other employees. When a client is logged in PnPjs throws a 401 Unauthorized error.

 

Is this how it's supposed to work? The User.ReadBasic.All documentation states that it uses the permission of the logged in user so the client user must not have permission. Is there a setting to allow photos to be viewed by external guests or a way to use a separate permission and not use the permission of the logged in user when retrieving the photo? Thanks.

 

EDIT: I did some research and it looks like User.ReadBasic.All is set as a delegated permission in the app registration. Is there a way to use that with application permission? It's not in the list when viewing application permissions but User.Read.All is. If I use User.Read.All application permission will the same code I'm already using work for clients?

0 Replies