To use this endpoint in Azure AD we need a token that was requested without specifying the “Resource” parameter.
How to obtain a token (V1)
For the sake of this example we’ll use the auth code grant flow to request tokens, using the Microsoft Identity Platform V1 endpoint.
In a browser we can request a token like the samples below.
- Request Code – without specifying the “Resource” parameter, like:
- Request Token – using the code returned, request an Access Token, again without specifying the “resource” parameter; the request to the token endpoint should look like:
The response has an Access Token that cannot be decoded:
Call the endpoint
Make the request to the UserInfo endpoint (https://login.microsoftonline.com/common/openid/userinfo) using the access token, as you can see below:
Call UserInfo with Microsoft Identity Platform V2 endpoint
Above we described how to call the endpoint using the V1 endpoint; the same can be achieved using the V2 endpoints.
When using these authentication endpoints we need to get a token with the MS Graph scope and call the UserInfo endpoint at https://graph.microsoft.com/oidc/userinfo.
How to get UserInfo details from the JWT Token
If you are requesting an id_token to begin with, you can just decode it and save yourself an additional call in your application.
Below we can see a decoded id_token and information that it has.
Which UserInfo endpoint you should use depends on the authentication endpoint version, and the best way to find it is to call the metadata endpoints.
Version | UserInfo endpoint
V1 | https://login.microsoftonline.com/common/openid/userinfo (Azure AD UserInfo)
V2 | https://graph.microsoft.com/oidc/userinfo (MS Graph UserInfo)
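As an added example (not code from the original post), the two flows described above and the id_token shortcut in one small Python helper: building the V1 and V2 authorize and token requests (V1 with no “resource” parameter), reading the UserInfo URL from a discovery document instead of hard-coding it, and decoding an id_token payload. The client id, secret, redirect URI, token and metadata values are constructed placeholders, and the V2 scopes are an assumption.

```python
import base64
import json
from urllib.parse import urlencode

# Azure AD authorize/token endpoints per version (tenant "common", as on the page)
ENDPOINTS = {
    "v1": ("https://login.microsoftonline.com/common/oauth2/authorize",
           "https://login.microsoftonline.com/common/oauth2/token"),
    "v2": ("https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
           "https://login.microsoftonline.com/common/oauth2/v2.0/token"),
}
V2_SCOPES = "openid profile email"  # assumption: OIDC scopes for the Graph userinfo endpoint

def authorize_url(version, client_id, redirect_uri, state):
    """Step 1: browser request for an authorization code.
    For v1 the 'resource' parameter is deliberately omitted; v2 uses scopes instead."""
    params = {"client_id": client_id, "response_type": "code",
              "redirect_uri": redirect_uri, "state": state}
    if version == "v2":
        params["scope"] = V2_SCOPES
    return ENDPOINTS[version][0] + "?" + urlencode(params)

def token_request(version, code, client_id, client_secret, redirect_uri):
    """Step 2: (token endpoint URL, form body) for the code exchange; still no 'resource' on v1."""
    body = {"grant_type": "authorization_code", "code": code, "client_id": client_id,
            "client_secret": client_secret, "redirect_uri": redirect_uri}
    if version == "v2":
        body["scope"] = V2_SCOPES
    return ENDPOINTS[version][1], urlencode(body)

def userinfo_endpoint(metadata_json):
    """Take the UserInfo URL from the OpenID discovery document for the version in use."""
    return json.loads(metadata_json)["userinfo_endpoint"]

def id_token_claims(id_token):
    """Decode the id_token payload to read its claims without a UserInfo call.
    Parsing only: signature, issuer, audience and expiry must be validated against the
    tenant's signing keys before any claim is trusted."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

# Constructed samples (not real tokens or live metadata)
def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

SAMPLE_ID_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"iss": "https://sts.windows.net/TENANT_ID_PLACEHOLDER/",
             "aud": "CLIENT_ID_PLACEHOLDER", "name": "Constructed User",
             "upn": "user@example.com"}),
    "c2lnbmF0dXJl"])  # placeholder signature, not verifiable
SAMPLE_V2_METADATA = json.dumps({"userinfo_endpoint": "https://graph.microsoft.com/oidc/userinfo"})
```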