graph explorer user attibutes null

Question

graph explorer user attibutes null

Frank 6

I'm logged into graph explorer as an admin user. I think I've granted the necessary permissions in order to read/see the data I want to see. If I click on the "Modify permissions" tab the User.Read and User.ReadWrite are in a status of Unconsent. When I try an execute https://graph.microsoft.com/v1.0/me the only populated data I get back is the "id" and "userPrincipalName". Everything else is null.

Also tried https://graph.microsoft.com/v1.0/users/<object_id> but got the same results.

Just want to be able to read the data that's currently being returned as null. While not all of the data is set some of it is.

Side note if I enter garbage for the <object_id> it still seems to return my user data i.e. id and userPrincipalName

3 answers

Your answer

Answer 1

HarmeetSingh7172 4,826

Hello @Frank

Thanks for reaching out!

I'm unable to reproduce this issue using my test tenant. I'm getting expected set of results in API response.

User.Read permission allows users to sign-in to the app and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.

User.ReadWrite allows the app to read the signed-in user's full profile. It also allows the app to update the signed-in user's profile information on their behalf.

Please follow this Get a User document to know least to most privileged permissions needed to run the /me or /users/{id | userPrincipalName} endpoint. Also do refer this Graph Permissions documentation to understand user resource related permissions.

Hope this helps.

If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.

Frank 6 Reputation points

2022-11-20T11:52:44.883+00:00

Sorry can't accept this as an answer. It doesn't really help me just points me to some reading which I've read already. I've set a value for every value in the profile I'm trying to query.
Frank 6 Reputation points

2022-11-21T14:32:53.847+00:00

Just a follow on from my previous comment, it appears the user I'm using has Global Administrator role

Answer 2

Zehui Yao_MSFT 5,876

Hi @Frank , I test locally using my admin user, and it both worked fine in explorer and postman with the permission User.Read.

Other suggestion I can offer is to try using the User.Read.All permission which will give you permission to read the entire property set of a user. This will require Admin Consent from a tenant admin before you can use it.

Or as mentioned in the official documentation, there may be some delays. Hope that can help you. Best wishes.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Frank 6 Reputation points

2022-11-21T14:23:27.213+00:00

Thanks for responding, I've a feeling the user I'm logging in with isn't an admin user. I don't know who to assign the user a role because when I click "Azure role assignments" for the user I get
"This blade is disabled for an Azure AD B2C tenant."
Zehui Yao_MSFT 5,876 Reputation points

2022-11-22T10:23:37.333+00:00

Hi, @Frank , maybe you click the wrong navigation, you can click the Assigned roles and Add assignments to assign an admin role.

This error indicates that your B2C tenant is missing the relevant certificate.
Frank 6 Reputation points

2022-11-24T22:39:05.71+00:00

Thanks for answer.

You suggest below

"Other suggestion I can offer is to try using the User.Read.All permission which will give you permission to read the entire property set of a user. This will require Admin Consent from a tenant admin before you can use it."

Where exactly do I set this permission.......in the portal somewhere?

Also the postman screen shot, how do you get the token your using? Again apologies but I'm very new to this and there seems to be a lot of effort do do simple things in my opinion
Zehui Yao_MSFT 5,876 Reputation points

2022-11-25T07:28:22.987+00:00

Hi @Frank , you can find your application by clicking "Application Registration" in the navigation bar. To enter the app page, you can click "API permission" in the navigation bar to grant permissions.
Some permissions require Admin consent, and you need to click “Grant admin consent" to take effect , an administrator account for the tenant is required to grant it.

And here I use the owner password flow to obtain token for test.

For more introduction about Microsoft Graph authentication authorization, here are some documentations for your reference:
https://learn.microsoft.com/en-us/graph/auth/auth-concepts?view=graph-rest-1.0
https://learn.microsoft.com/en-us/graph/auth-v2-user?view=graph-rest-1.0
https://learn.microsoft.com/en-us/graph/auth-v2-service?view=graph-rest-1.0
https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
Frank 6 Reputation points

2022-11-25T16:16:57.41+00:00

Sorry I'm totally lost why do I need to have add permission to an application that has nothing to do with Graph Explorer.....you don't add these permissions at the user level. I want to be able to use graph explorer logged in as a user that's a global admin. Why would adding permissions to a registered random app help me. Thanks.
Zehui Yao_MSFT 5,876 Reputation points

2022-11-28T02:49:28.393+00:00

Hello, sorry I misunderstood you before, if you just want to request an API in explorer, you don't need to add permissions in the actual app, explorer will automatically add the corresponding permissions when making the request.

Answer 3

Shweta Mathur 30,296 Microsoft Employee Moderator

Hi @Frank ,

Thanks for reaching out.

I understand you are trying to get the user's details using Graph Explorer and getting only id and userPrincipalName.

I tried to replicate the issue at my end and able to get the user's details which are set for admin and is visible in portal as well.

I have the following permissions in my Graph Explorer which can been consented earlier.

and able to get the details as shown below

v1.0 endpoint will not show those details which has not been set for the user.

I also tried to retrieve the user's details by providing object id of the admin in Graph Explorer and got same results:

However, providing any garbage details in object -id is giving me the error:

Could you please confirm, are you getting null value in the attributes, or you are not getting the attribute as well.

v1.0 endpoint will not provide the attributes if values are not set, and beta endpoint will give null value for those attributes.

"employeeId": "ABC123",  
"employeeHireDate": null,  
"employeeLeaveDateTime": null,  
"employeeType": null,  
"faxNumber": null,

Are you facing the same issue from beta endpoint https://graph.microsoft.com/beta/me as well.

If you are still facing the issue, please share the screenshot of the issues which will help us to troubleshoot and understand the issue better.

Hope this will help.

Thanks,
Shweta

---------------------------------------

Please remember to "Accept Answer" if answer helped you.

Frank 6 Reputation points

2022-11-21T14:42:25.787+00:00

I cannot get the permission in the state you have. I don't have "AllPrincipal" or "Principal" as consent type. This is way too convoluted IMO
Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator

2022-11-22T05:39:11.05+00:00

Hi @Frank ,

This is the consent type you will see while modifying the permissions or Consent the permissions in Graph Explorer

Consent type indicates if authorization is granted for the client application to impersonate all users or only a specific user. AllPrincipals indicates authorization to impersonate all users. Principal indicates authorization to impersonate a specific user.

You can check the same permissions consented from Graph Explorer in the Azure Portal under Enterprise Applications to check if permissions have been consented correctly.

Could you please share the screenshots of your Graph Explorer where you consented for the permissions.

Thanks,
Shweta
Frank 6 Reputation points

2022-11-23T22:37:30.697+00:00

Cannot see Graph Explorer in the list when I search in All applications below.

When I log into Graph Explorer I cannot change permissions. They always seem to remain as below
Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator

2022-11-28T04:12:26.257+00:00

The screenshots I posted is from Azure AD tenant account. Did you login with the account in Azure AD B2C tenant in the Graph Explorer?
Could you please confirm your scenario? Are you trying to get the details of users in the B2C tenant?
Frank 6 Reputation points

2022-11-28T14:27:15.003+00:00

Yes it's account in Azure AD B2C. I seem to be pretty restricted in Graph Explorer in terms of the permissions I can set. At the moment I'm just trying to get the details of the user I log in as. Thanks

Share via

graph explorer user attibutes null

3 answers

Your answer