I have set up OAuth via Azure. I have received an authorization_code, which I have exchanged for an access_token. I am then attempting to use that access token to get userinfo data including the email as described in the docs (
/oauth2/v2.0/token (the scope shows profile, openid, email and user.Read)
What am I missing?
CodePudding user response:
I tried to reproduce the same in my environment and got the below results:
I created one Azure AD application and added API permissions as below:
Now I generated the access token with the same scope as you, like below:
POST https://login.microsoftonline.com/common/oauth2/v2.0/token
client_id:app_id
grant_type:authorization_code
scope:https://graph.microsoft.com/User.Read
client_secret:secret
code:code
redirect_uri:redirect_uri
Response:
I used the above token to get user info data and got a response without email, like below:
GET https://graph.microsoft.com/oidc/userinfo
Response:
This is because the email field in the user's profile is not set. So, I updated the email field by editing the user's properties.
Now I generated an access token again and used it to get user info data and got a response with email, like below:
GET https://graph.microsoft.com/oidc/userinfo
Response:
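
The exchange described in the answer above, as an added Python example that is not part of the original post: it builds the token and userinfo requests and checks a token response and a userinfo response for the missing email claim. The helper names, the sample responses (constructed) and the choice to rule out a missing email scope before looking at the user's profile are assumptions.

```python
from urllib.parse import urlencode
from urllib.request import Request

TOKEN_URL = "https://login.microsoftonline.com/common/oauth2/v2.0/token"
USERINFO_URL = "https://graph.microsoft.com/oidc/userinfo"

def build_token_request(client_id, client_secret, code, redirect_uri, scope):
    """POST form for the authorization_code exchange shown in the answer."""
    form = {
        "client_id": client_id,
        "grant_type": "authorization_code",
        "scope": scope,
        "client_secret": client_secret,  # keep out of logs and URLs
        "code": code,
        "redirect_uri": redirect_uri,
    }
    return Request(TOKEN_URL, data=urlencode(form).encode(), method="POST")

def build_userinfo_request(access_token):
    """GET userinfo; the access token travels in the Authorization header."""
    return Request(USERINFO_URL, headers={"Authorization": f"Bearer {access_token}"})

def granted_scopes(token_response):
    """Short, lower-cased scope names from the token response's `scope` field."""
    scopes = token_response.get("scope", "").split()
    return {s.rsplit("/", 1)[-1].lower() for s in scopes}

def diagnose_email(token_response, userinfo):
    """Say why `email` is or is not present in a userinfo response."""
    if userinfo.get("email"):
        return "ok"
    if "email" not in granted_scopes(token_response):
        return "email scope not in token response"
    return "email scope granted but claim absent: check the user's email property"

# Constructed sample data (not real output from Azure AD).
SAMPLE_TOKEN_RESPONSE = {
    "access_token": "constructed-token",
    "scope": "email openid profile https://graph.microsoft.com/User.Read",
}
USERINFO_BEFORE = {"sub": "constructed-sub", "name": "Test User"}
USERINFO_AFTER = {**USERINFO_BEFORE, "email": "user@example.com"}
```

To send either request, pass it to `urllib.request.urlopen` and parse the body with `json.load`.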