Hi @Joe Green,
The details you are getting above are the access token claims. Requesting or getting user details using Microsoft Graph requires an access token in Azure AD, which will authenticate and authorize the user to get the user's details on his behalf.
There are different authorization providers (authProvider) to get the access token based on the application types.
To get the access token on the user's behalf, we can use an authorization provider, which will authenticate the user and provide the user's details in the claims as you mentioned above.
Here the aud claim in the token indicates which audience or resource the token is intended for (in your case that would be https://graph.microsoft.com), and the other claims are related to the access token.
To get the user's details, you would require the User.Read permission, which you will be able to see in the scope claim of the access token.
Once you get the access token with the correct audience and scope, it needs to be passed as a bearer token in the Authorization header to get the user's details.
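```csharp
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Graph;

public static async Task<CachedUser> GetUserDetailsAsync(string accessToken)
{
    // Attach the access token as a bearer token on every Graph request.
    var graphClient = new GraphServiceClient(
        new DelegateAuthenticationProvider(
            (requestMessage) =>
            {
                requestMessage.Headers.Authorization =
                    new AuthenticationHeaderValue("Bearer", accessToken);
                return Task.CompletedTask;
            }));

    // GET /me, requesting only the properties that are needed.
    var user = await graphClient.Me.Request()
        .Select(u => new {
            u.DisplayName,
            u.Mail,
            u.UserPrincipalName
        })
        .GetAsync();

    // ... build and return a CachedUser from 'user' (not shown in the answer)
}
```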
where graphClient.Me calls the https://graph.microsoft.com/v1.0/me endpoint to get the details of the logged-in user.
To get user details on behalf of another user, you need to pass the user-id of that user, which is the object-id of the added user in your Azure Active Directory.
```csharp
// GET /users/{user-id}; replace the placeholder with the user's object-id.
var user = await graphClient.Users["{user-id}"]
    .Request()
    .Select("displayName,givenName,postalCode,identities")
    .GetAsync();
```
Hope this will help you.
Thanks,
Shweta
Please remember to "Accept Answer" if the answer helped you.
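The audience and scope checks described in the answer can be run locally before calling `graphClient.Me`; the following is an added example, not part of the original answer or of the Graph SDK. It assumes Azure AD's `scp` claim (delegated scopes as a space-separated string); `GraphTokenPrecheck` and its method names are hypothetical, and the sample token is constructed.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

public static class GraphTokenPrecheck
{
    private const string GraphAudience = "https://graph.microsoft.com"; // value from the answer
    // Decodes the JWT payload WITHOUT verifying the signature. Diagnostic use only:
    // Graph validates the token itself, so never base an authorization decision on this.
    public static JsonElement ReadClaims(string accessToken)
    {
        var parts = accessToken.Split('.');
        if (parts.Length != 3) throw new FormatException("Expected a 3-segment compact JWT.");
        var b64 = parts[1].Replace('-', '+').Replace('_', '/');          // base64url -> base64
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');  // restore padding
        using var doc = JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));
        return doc.RootElement.Clone();
    }

    private static string Str(JsonElement claims, string name) =>
        claims.TryGetProperty(name, out var v) && v.ValueKind == JsonValueKind.String ? v.GetString() : null;

    // Returns true when the token targets Graph and carries the User.Read scope.
    public static bool IsUsableForMe(string accessToken, out string reason)
    {
        var claims = ReadClaims(accessToken);
        var aud = Str(claims, "aud");
        var scopes = (Str(claims, "scp") ?? "").Split(' ');
        if (!string.Equals(aud?.TrimEnd('/'), GraphAudience, StringComparison.OrdinalIgnoreCase))
            reason = $"aud '{aud}' is not Microsoft Graph";
        else if (!scopes.Contains("User.Read", StringComparer.OrdinalIgnoreCase))
            reason = "scp does not include User.Read";
        else
            reason = "ok";
        return reason == "ok";
    }

    private static string Seg(string json) =>   // base64url-encode one JWT segment
        Convert.ToBase64String(Encoding.UTF8.GetBytes(json)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    public static void Main()
    {
        // Constructed sample: an unsigned token with made-up claims that lacks User.Read.
        var token = Seg("{\"alg\":\"none\"}") + "."
            + Seg("{\"aud\":\"https://graph.microsoft.com\",\"scp\":\"openid profile\"}") + ".sig";
        Console.WriteLine(IsUsableForMe(token, out var why) + ": " + why);
    }
}
```

A token that fails either check here will be rejected by the `/me` call as well, so the `reason` string points at what to fix in the token request (resource or scopes) rather than in the Graph call.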