Get User Profile/Details using Graph API

Jyoti Ranjan Behera 0 Reputation points
2024-10-23T10:37:59.8433333+00:00

Hello Team, I'm trying to get the user profile such as display name, email id, phone number using graph API. I'm following this document for reference.

First of all I'm generating an access token using the below curl command:

curl --location 'https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=<client-id>' \
--data-urlencode 'client_secret=<client-secret>' \
--data-urlencode 'scope=https://graph.microsoft.com/.default' \
--data-urlencode 'grant_type=client_credentials'

Next, using the access_key from the above API, calling another /user API.

curl --location 'https://graph.microsoft.com/v1.0/users/<user-id>' \
--header 'Authorization: Bearer <access_key>'

I'm getting below error:

{
    "error": {
        "code": "Authorization_RequestDenied",
        "message": "Insufficient privileges to complete the operation.",
        "innerError": {
            "date": "2024-10-23T05:27:38",
            "request-id": <request-id>,
            "client-request-id": <client-request-id>
        }
    }
}

In my App Registration > Selected App > API Permission > Microsoft Graph API, I've following permissions: User.Read.All Application Permission with Admin Consent as 'Yes'.

Is there any way to get the user profile using graph API? If my path is wrong, then suggest me a way to do it.

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,265 questions
JavaScript API
JavaScript API
An Office service that supports add-ins to interact with objects in Office client applications.
998 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Vasil Michev 108K Reputation points MVP
    2024-10-23T16:36:47.73+00:00

    The path looks OK, but you should verify the token - use a tool such as jtw.ms to decode it and make sure the permissions are correctly reflected therein.


  2. Yakun Huang-MSFT 6,415 Reputation points Microsoft Vendor
    2024-10-24T01:59:42.7633333+00:00

    Hello Jyoti Ranjan Behera,

    Thank you for reaching out to Microsoft Support!

    Get the lowest permissions required for specific User profiles user.read.all application permissions, and the lowest permissions required for groups and group members are GroupMember.Read.All application permissions.

    These can be seen in Permissions in the document, as shown in the image below:

    User's image

    However, there are limits to using application permissions to get group members, as shown in the following figure:

    User's image

    It is recommended that you use delegation permissions.

    Reference document:

    https://learn.microsoft.com/en-us/graph/api/group-list-members?view=graph-rest-1.0&tabs=http

    https://learn.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0&tabs=http

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.