
I'm testing my login system that uses only Microsoft accounts as login. When a user logs in, I want to read their profile and also their profile picture.

The claim I have right now:

<ClaimsSchema>
    <ClaimType Id="picture">
        <DisplayName>Picture</DisplayName>
        <DataType>string</DataType>
    </ClaimType>
</ClaimsSchema>

Also, if I use Microsoft Graph to get a profile picture, it only returns a picture if there is one (the default picture with your initials doesn't count as a picture). Is there a way to use the initials picture as a picture?

Or how do I configure the policy to read the profile picture?

1 Answer


The profile photo is not listed as an optional claim on this documentation page, so it would follow that you cannot surface this as a claim in the token response itself.

Also, it seems that the Graph doesn't support photos for consumer users, so keep that in mind. I got this error when trying to do so: Error: ConsumerPhotoIsNotSupported

In case you want to get the photo for an organizational (Azure AD) user, it looks like the Graph API returns user photo data as binary data (as a JPEG) which Azure AD B2C wouldn't be able to handle natively. You could use a REST connector to call your own API which fetches the image and either stores it (in something like Blob storage) or converts it to base64 and then returns either the URL or base64 data as a string to Azure AD B2C.

This sample will show you how to obtain the access token for a federated user in a custom policy and this docs article shows how to call a REST API (like the Graph API) using a bearer token.

It also looks like the Graph doesn't return anything for users without a photo. So I think you are out of luck on the "initials image" front. You'll need to generate one yourself if you want something.

Adam Stoffel
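The REST-connector approach from the answer above, as an added example that is not part of the original post: a helper your own API could use to fetch the photo from Graph with the federated user's access token and return it as a string for the `picture` claim. The function names, the size cap, the allowed content types and the data-URI output format are assumptions made for this sketch.

```python
import base64
import json
import urllib.error
import urllib.request

GRAPH_PHOTO_URL = "https://graph.microsoft.com/v1.0/me/photo/$value"
MAX_PHOTO_BYTES = 256 * 1024   # assumption: cap so the claim (and token) stays small
ALLOWED_TYPES = {"image/jpeg", "image/png"}   # assumption: only pass through images


def fetch_graph_photo(access_token):
    """Return (content_type, bytes) for the signed-in user, or None if no photo."""
    req = urllib.request.Request(
        GRAPH_PHOTO_URL, headers={"Authorization": "Bearer " + access_token})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            ctype = resp.headers.get_content_type()
            # Read one byte past the cap so oversized photos can be detected.
            return ctype, resp.read(MAX_PHOTO_BYTES + 1)
    except urllib.error.HTTPError as err:
        body = err.read().decode("utf-8", "replace")
        # 404: no photo set. ConsumerPhotoIsNotSupported: the error the answer
        # reports for consumer accounts. Both mean "no picture", not a failure.
        if err.code == 404 or "ConsumerPhotoIsNotSupported" in body:
            return None
        raise


def picture_claim(access_token, fetch=fetch_graph_photo):
    """Build the JSON body a REST technical profile can map to the 'picture' claim."""
    result = fetch(access_token)
    if result is None:
        return {"picture": ""}
    ctype, data = result
    # Never forward unexpected content types or oversized bodies into the policy.
    if ctype not in ALLOWED_TYPES or len(data) > MAX_PHOTO_BYTES:
        return {"picture": ""}
    encoded = base64.b64encode(data).decode("ascii")
    return {"picture": "data:%s;base64,%s" % (ctype, encoded)}


if __name__ == "__main__":
    # Constructed sample: a fake fetcher stands in for Graph so this runs offline.
    fake_jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16
    print(json.dumps(picture_claim("constructed-token", lambda t: ("image/jpeg", fake_jpeg))))
    print(json.dumps(picture_claim("constructed-token", lambda t: None)))
```

An empty `picture` value is where your application would fall back to a generated initials image. The access token should be passed through without being logged or stored.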