The path looks OK, but you should verify the token - use a tool such as jtw.ms to decode it and make sure the permissions are correctly reflected therein.
Get User Profile/Details using Graph API
Hello Team, I'm trying to get the user profile such as display name, email id, phone number using graph API. I'm following this document for reference.
First of all I'm generating an access token using the below curl command:
curl --location 'https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=<client-id>' \
--data-urlencode 'client_secret=<client-secret>' \
--data-urlencode 'scope=https://graph.microsoft.com/.default' \
--data-urlencode 'grant_type=client_credentials'
Next, using the access_key from the above API, calling another /user API.
curl --location 'https://graph.microsoft.com/v1.0/users/<user-id>' \
--header 'Authorization: Bearer <access_key>'
I'm getting below error:
{
"error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the operation.",
"innerError": {
"date": "2024-10-23T05:27:38",
"request-id": <request-id>,
"client-request-id": <client-request-id>
}
}
}
In my App Registration > Selected App > API Permission > Microsoft Graph API, I've following permissions: User.Read.All Application Permission with Admin Consent as 'Yes'.
Is there any way to get the user profile using graph API? If my path is wrong, then suggest me a way to do it.
2 answers
Sort by: Most helpful
-
-
Yakun Huang-MSFT 6,415 Reputation points Microsoft Vendor
2024-10-24T01:59:42.7633333+00:00 Hello Jyoti Ranjan Behera,
Thank you for reaching out to Microsoft Support!
Get the lowest permissions required for specific User profiles user.read.all application permissions, and the lowest permissions required for groups and group members are GroupMember.Read.All application permissions.
These can be seen in Permissions in the document, as shown in the image below:
However, there are limits to using application permissions to get group members, as shown in the following figure:
It is recommended that you use delegation permissions.
Reference document:
https://learn.microsoft.com/en-us/graph/api/group-list-members?view=graph-rest-1.0&tabs=http
https://learn.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0&tabs=http
Hope this helps.
If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.