getUserInfo REST API responds with 401 when using scope "openid profile email wl.imap wl.emails wl.offline_access"

Xie Nash 51 Reputation points
2022-01-19T07:59:08.83+00:00

I am developing an Android mobile email app that connects to the Outlook IMAP/SMTP server using OAuth2 to pull/send email with an Outlook account.
I can get an access token/refresh token by using AppAuth with the scope "openid profile email", and I can get user info from the getUserInfo (oidc/userinfo) REST API with the access token (with scope "openid profile email").
But when I use the scope "openid profile email https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/SMTP.Send", the getUserInfo (oidc/userinfo) REST API fails and returns response code 401.
I don't know why. Could you help me fix this issue?

When using the scope "wl.imap wl.emails wl.offline_access", I can connect to the IMAP/SMTP server, but I also cannot get user info from the getUserInfo (oidc/userinfo) REST API. It also responds with a 401 error.
When using the scope "openid profile email wl.imap wl.emails wl.offline_access", I still cannot get user info; it also responds with a 401 error.

401

{"error":{"code":"InvalidAuthenticationToken","message":"CompactToken parsing failed with error code: 8004920A","innerError":{"date":"2022-01-19T08:04:30","request-id":"aef5eef3-4bc2-41be-86c8-be7a5362b4e8","client-request-id":"aef5eef3-4bc2-41be-86c8-be7a5362b4e8"}}}


Accepted answer
  1. CarlZhao-MSFT 37,216 Reputation points
    2022-01-25T09:48:51.173+00:00

    Hi @Xie Nash

    You are getting an Outlook token, not a Graph token. To call the oidc/userinfo endpoint, you should remove the scopes: https://outlook.office.com/IMAP.AccessAsUser.All, https://outlook.office.com/SMTP.Send.

    i.e.: "scope": "openid profile email User.Read".

    Another method is to keep your current scopes and call GET https://outlook.office365.com/api/v2.0/me/ to get the signed-in user's information.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
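The accepted answer turns on which API the access token was issued for. The following diagnostic is an added example, not code from the thread: it groups a scope string by the resource it names and reads the `aud` claim of a returned token to pick the matching profile endpoint. The function names, the audience values and the full Graph userinfo URL are assumptions not stated on the page, and the sample tokens are constructed.

```python
import base64
import json

OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}
# Assumed audience values (URL form and application-ID form).
GRAPH_AUD = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}
OUTLOOK_AUD = {"https://outlook.office.com", "https://outlook.office365.com",
               "00000002-0000-0ff1-ce00-000000000000"}
GRAPH_USERINFO = "https://graph.microsoft.com/oidc/userinfo"   # assumed full URL
OUTLOOK_ME = "https://outlook.office365.com/api/v2.0/me/"      # from the answer

def scope_resources(scope):
    """Group the resource scopes of a space-separated scope string by API."""
    resources = {}
    for s in scope.split():
        if s in OIDC_SCOPES:
            continue                      # identity scopes name no resource
        if s.startswith("https://"):
            resource, _, perm = s.rpartition("/")
        elif s.startswith("wl."):
            resource, perm = "legacy wl.* scope", s
        else:                             # unqualified scope, e.g. User.Read
            resource, perm = "https://graph.microsoft.com", s
        resources.setdefault(resource, []).append(perm)
    return resources

def token_audience(access_token):
    """Return the aud claim of a JWT, or None for a non-JWT token.
    The signature is NOT verified: use for debugging only."""
    parts = access_token.split(".")
    if len(parts) != 3:
        return None                       # not a JWT (compact/opaque token)
    try:
        body = parts[1] + "=" * (-len(parts[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return None
    aud = claims.get("aud") if isinstance(claims, dict) else None
    return aud.rstrip("/") if isinstance(aud, str) else None

def profile_endpoint(access_token):
    """Pick the user-profile endpoint that matches the token's audience."""
    aud = token_audience(access_token)
    if aud in GRAPH_AUD:
        return GRAPH_USERINFO
    if aud in OUTLOOK_AUD:
        return OUTLOOK_ME
    return None                           # do not send this token to either API

def fake_jwt(aud):
    """Constructed, unsigned sample token so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"aud": aud}), "sig"])
```

A client should never base a trust decision on claims read this way; the resource API validates the token, and this only explains a 401 during development.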
