How to get email from Microsoft graph api oidc/userinfo endpoint

Question

I have setup oauth via azure, i have received an authorization_code which i have exchanged for an access_token. I am then attempting to use that access token to get userinfo data including the email as described in the docs (https://learn.microsoft.com/en-us/azure/active-directory/develop/userinfo). However in the response it does not return to me the email.

{
    "sub": "<redacted>",
    "name": "John Doe",
    "family_name": "John",
    "given_name": "Doe",
    "picture": "https://graph.microsoft.com/v1.0/me/photo/$value"
}

The documentation suggests that in order for email to be returned in the response it requires the email scope. https://learn.microsoft.com/en-us/azure/active-directory/develop/userinfo#userinfo-response

However i believe i am already specifying that i want the email scope.

App Permissions

/oauth2/v2.0/token (the scope shows profile, openid, email and user.Read)

What am i missing?>

Answer 1

I tried to reproduce the same in my environment and got the below results:

I created one Azure AD application and added API permissions as below:

Now I generated the access token with same scope as you like below:

POST https://login.microsoftonline.com/common/oauth2/v2.0/token
client_id:app_id
grant_type:authorization_code
scope:https://graph.microsoft.com/User.Read
client_secret:secret
code:code
redirect_uri:redirect_uri

Response:

I used the above token to get user info data and got response without email like below:

GET https://graph.microsoft.com/oidc/userinfo

Response:

This is because the email field in user's profile is not set. So, I updated email field by editing user's properties.

Now I generated access token again and used it to get user info data and got response with email like below:

GET https://graph.microsoft.com/oidc/userinfo

Response: