I'm trying to implement MSAL login in an app and it needs a profile picture. When trying to get it via https://graph.microsoft.com/me/photo/$value, I get the following response:
{"error":{"code":"ErrorInsufficientPermissionsInAccessToken","message":"Exception of type 'Microsoft.Fast.Profile.Core.Exception.ProfileAccessDeniedException' was thrown.","innerError":{"date":"redacted","request-id":"redacted","client-request-id":"redacted"}}}
According to the API reference linked above, getting the profile picture for an account requires the User.Read
permission (for access with least priveliges). I do obtain the pernission, and the consent screen agrees.
Just to make sure, I did test switching this out for User.Read.All
and this made no difference.
What do I do to stop this exception happening?