Unable to get User.ReadBasic.All scope in JWT

Unknown 1 Reputation point
2022-09-26T19:20:57.017+00:00

I have enabled User.ReadBasic.All scope in AAD but the token which I get does not have the scope due to which I am getting 403 while trying to access graph APIs. My aim is to use graph APIs to get a user's profile using OID from AAD.

This is the documentation which I referred for creating the token : https://learn.microsoft.com/en-us/graph/auth-v2-service#4-get-an-access-token

Any help would be appreciated.

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,497 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. HarmeetSingh7172 4,816 Reputation points
    2022-09-26T21:04:27.62+00:00

    Hi @Unknown ,

    Hope you're doing well.

    User.ReadBasic.All permission is only available as a delegate permission and that is why this permission is not appearing in roles property of Application token. You can use an equivalent application permission i.e., User.Read.All

    References- https://learn.microsoft.com/en-us/graph/permissions-reference#application-permissions-78

    Similar posts- https://learn.microsoft.com/en-us/answers/questions/916077/userreadbasicall-not-available-in-graph-api.html

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.