3

I am trying Microsoft Graph in a personal project to learn about it. I have an Application and secret registered in Azure. This Application contains the following permissions at Application level: User.Read.All, User.ReadWrite. All these permissions are approved by admin and are enabled.

enter image description here

I generate a token to use combined with Bearer in Authorization header. I generate the token using the ApplicationId and Secret and I use this token to call Graph API(beta and also 1.0). This token works as I can see the information from Users. However, when I try to call /users/{Id}/photo/$value in Beta Api, it always returns:

"error": {
    "code": "ImageNotFound",
    "message": "Exception of type 'Microsoft.Fast.Profile.Core.Exception.ImageNotFoundException' was thrown.",

If I use my account(delegated) to authenticate and call to get my photo: Endpoint: /me/photo/$value the photo is returned. However at Application level endpoint (/users/{Id}/photo/$value) it doesn't work. Consider Application level calls a different endpoint (/users/{Id}/photo/$value) using the user Id to get the photo. As you can see the permissions are enabled and configured for AppId and Secret used to generate the token in Azure.

Would you know if I need to setup anything additional? At Application level anything additional should be considered?

Any help will be appreciated.

Alberto Montellano
  • 5,886
  • 7
  • 37
  • 53
  • 1
    The 2 requests (Application level and User level) are calling photo info of the **same** users? Can you tell me how you add the photo? In Microsoft Teams? – Allen Wu Jun 09 '21 at 02:07
  • 1
    There is [currently a known issue](https://learn.microsoft.com/en-us/graph/known-issues#groups) with accessing group photos using application permissions. – Dev Jun 09 '21 at 04:10
  • 1
    @Dev this is not Group photo, this is user's profile photo. – Alberto Montellano Jun 09 '21 at 05:36
  • @AllenWu yes , both are calling to the same user . When calling with Application level to the Users/{id}/photo/@value endpoint it returns the not found all the time. – Alberto Montellano Jun 09 '21 at 05:37
  • Where did you add the photo? In Teams or O365 portal or Azure portal? – Allen Wu Jun 09 '21 at 06:03
  • interesting @Alberto.. Is this personal account or work/school account? If its personal account then this call is not supported. – Dev Jun 09 '21 at 07:18
  • @AllenWu it is in O365, but I think it is not relevant, because when using the endpoint /me/photo/$value it gets the photo. Do you think the place of photo storage affects? Graph shouldn't be getting the photo from the same place for all endpoints? – Alberto Montellano Jun 09 '21 at 10:36
  • @Dev this is a Microsoft App registration in Azure, with secret. I think the token Is generated for this AppId and Secret, in what sense it affects if it is personal/work account? The permissions are allowed to this Microsoft app registration in Azure. Do you mean the Microsoft App Registration is personal? Please provide some details to clarify. – Alberto Montellano Jun 09 '21 at 10:38
  • @AlbertoMontellano Not exactly. I just want to reproduce your issue. – Allen Wu Jun 10 '21 at 02:24
  • @Dev this is case with an AppId and SecretId created in a Tenant with Active Directory. This is not my hotmail account. Please, this is a problem specific with Graph API, the scope is trying to get the photo from AD. – Alberto Montellano Jun 12 '21 at 17:06
  • If issue still persists consider opening a support ticket with Microsoft and see whats happening in-detail and they can able to fix the issue. – Dev Jun 19 '21 at 04:47

1 Answers1

2

I was able to resolve this by editing the user in Azure AD (not by editing your profile):

Users

Click on the user you want to edit:

Edit User

Upload a photo for the user:

Click Edit and upload a photo

user470970
  • 21
  • 2