question

dixitaro-MSFT avatar image
0 Votes"
dixitaro-MSFT asked ·

Unable to use access_token aquired from logged in your session id_token to consume graph API to get current user photo

As stated, tried to use access_token acquired from user session id_token. But when trying to use the access token it's giving below error message.

{

"error": {

 "code": "InvalidAuthenticationToken",

 "message": "CompactToken parsing failed with error code: 80049217",

 "innerError": {

   "request-id": "<>",

   "date": "2020-02-11T15:46:32"

 }

}

}

Here is the Graph API URL I tried to pass the access token as a authorization header

https://graph.microsoft.com/v1.0/me/photo

But, the same graph API URL is working when tried from Microsoft graph explorer.

Appreciate any help.

Thanks

azure-active-directoryazure-ad-graph
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

FrankHuMSFT-3200 avatar image
0 Votes"
FrankHuMSFT-3200 answered ·

How did you get the ID_Token? What are the claims in the id token? You can decode JWT Tokens here : https://jwt.ms/

It's most likely not the access token. You probably followed the auth code flow and got an id token back an auth code, but the access token is different. This is retrieved from the token endpoint. In addition to that, trying to skim the token from the browser's graph explorer is not a vaild way to get an access token.

Please follow a proper authentication protocol with a client id and client secret to get a proper access token. For more information on this see the below docs/

For more information on how this flow works see :

https://docs.microsoft.com/en-us/azure/active-directory/azuread-dev/v1-protocols-oauth-code

https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow

An easy tutorial on how to get an access token and make a call to the Microsoft Graph API can be found here : https://docs.microsoft.com/en-us/archive/blogs/aaddevsup/using-postman-to-call-the-microsoft-graph-api-using-authorization-code-flow

· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

sivapokuri-4462 avatar image
0 Votes"
sivapokuri-4462 answered ·

Dear @FrankHuMSFT-3200

Thanks for your reply.

And you are correct. I got the id_token with the end user authentication.

Now, I would like to get my photo from graph API. For that I need an access_token (which is authorized to call Graph API).

I know that I can get the access token directly by providing client id & client secret. And I tested also. But, that will not get my photo from Graph API URL https://graph.microsoft.com/v1.0/me/photo/$value

Question is that how can I acquire access_token from my user session or id_token?

Thanks in advance.

Thanks Siva

· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.