Can't get user photo using graph.microsoft.com

Question

User-484626426 posted

Hi guys,

I've managed to get access token from OpenID Connect authentication, but am struggling to get user's photo using graph.microsoft.com.

I've set the header to include Authorization and Bearer [access_token] as key and value and the GET request is https://graph.microsoft.com/v1.0/users/suencien@hotmail.com/photo/$value

suencien@hotmail.com is the authenticated email address.

The response I get is:

{
  "error": {
    "code": "UnableToReadToken",
    "message": "OAuth token submitted with the request can not be parsed.",
    "innerError": {
      "request-id": "880a2e95-5e47-4b74-9ff5-c5f4e9a9feed",
      "date": "2020-04-16T10:47:11"
    }
  }
}

The access_token is

eyJ0eXAiOiJKV1QiLCJub25jZSI6Inh1MzB0OGxGTnI1NUhXZGNrTmdvRnRRZGdYdGdDVlZCN0Z1djdpTmZzV0kiLCJhbGciOiJSUzI1NiIsIng1dCI6IllNRUxIVDBndmIwbXhvU0RvWWZvbWpxZmpZVSIsImtpZCI6IllNRUxIVDBndmIwbXhvU0RvWWZvbWpxZmpZVSJ9.eyJhdWQiOiJodHRwczovL2dyYXBoLm1pY3Jvc29mdC5jb20iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC85MTg4MDQwZC02YzY3LTRjNWItYjExMi0zNmEzMDRiNjZkYWQvIiwiaWF0IjoxNTg3MDMxOTU1LCJuYmYiOjE1ODcwMzE5NTUsImV4cCI6MTU4NzAzNTg1NSwiYWlvIjoiNDJkZ1lOaXNMZVordEhiOW5EM2gyVUxicXRaZUJBQT0iLCJhcHBfZGlzcGxheW5hbWUiOiJpTHV2UnVuIiwiYXBwaWQiOiI3MDY1YmFlMS00NTA1LTQ1YzMtYjFkNS1lMDAwNGNiMmE2YmYiLCJhcHBpZGFjciI6IjEiLCJpZHAiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC85MTg4MDQwZC02YzY3LTRjNWItYjExMi0zNmEzMDRiNjZkYWQvIiwidGlkIjoiOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkIiwidXRpIjoiZTRlNEg3aXRvMHlZbXA1VFA5SzFBQSIsInZlciI6IjEuMCIsInhtc190Y2R0IjoxNDMxNjQxNDk4fQ.TRU7l6MCuvbPydfCzKfvfrLBwP_SuFScShUIbSSw3ITdQDYhWPLOMZ6Lt-dORhIVS5NjHDNhNDWZBfEbiZIHgF64RlKnZvmrSnsSwoopHMz-ejboWvwhw1AP5JqJwws9syUw34cCNP36izd-Obrw5KsPnuaPHgUt5nUiK9YDPoEtPRKcAumI501du3CWG4BRXv1tvBXQkoqo4anHb-rF6Xpyz_np3_5YFhOHukcm0ppwuD46xWLjYwCR9Y38eJFLceJuei5ZM9ASzg6pI7wXpOYKVM784bTLzgpOYi__NqHk_QnuFnV5tDSllYtZCgZuHsFIL6EGRj4D4IM9DWXiug

Does anyone know what I got wrong?

Answer 1

User-1330468790 posted

Hi suencien,

 

From the error message, I think the problem is not caused by a wrong token. Otherwise, the error message should be as below:

{
  "error": {
    "code": "InvalidAuthenticationToken",
    "message": "CompactToken parsing failed with error code: 80049217",
    "innerError": {
      "request-id": "3b982474-ec5b-4003-9438-60496bae8761",
      "date": "2020-04-17T07:45:42"
    }
  }
}

I tried to get an access token for https://graph.microsoft.com/v1.0/users/{userPrincipalName}/photo/$value and I found that the graph does not support for the personal account.

The error message is as below:

{
  "error": {
    "code": "NoPermissionsInAccessToken",
    "message": "The token contains no permissions, or permissions can not be understood.",
    "innerError": {
      "request-id": "5f885aa4-8b13-4fdb-a2c2-cdad64797f9a",
      "date": "2020-04-17T07:38:47"
    }
  }
}

 

Suggestion:

Then I found there is another post on stackoverflow where the post said that he solved the problem by telling the "https://login.microsoftonline.com/common/oauth2/token"endpoint what he needed the token for and passing a "resource=[resource-endpoint]" in the body sent to "login.microsoftonline.com/common/oauth2/token".

More details, you could check below link in case you met the problem in a similar scenario.

OAuth token submitted with the request can not be parsed

  

Hope this can help you.

Best regards,

Sean

Answer 2

User-484626426 posted

Hi Sean,

Thank you for your investigation. The resource is actually specified at AcquireTokenSilentAsync and AcquireTokenAsync. In my case, it's https://graph.microsoft.com.

Then again, you're right! The graph does not support personal accounts :(