What is the proper application permission to access user profile

Question

I have a MVC web app that needs to get Graph API to return all groups a person belong to. This is the URL I use https://graph.microsoft.com/v1.0/users/{userID}/transitiveMemberOf/microsoft.graph.group?$count=true This URL returns the expected data on Graph Explorer. However, when I try to use the same URL using tool such as Postman, the proper number of data are returned but with NULL for all but ID field. I'm guessing this is because some permissions are missing, but I can't find what permission are required. Steps taken:

1. I first obtained access token https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token.
2. I then use the token obtained from above as the bearer token to run the URL https://graph.microsoft.com/v1.0/users/{userID}/transitiveMemberOf/microsoft.graph.group?$count=true
3. Data returned with NULL values Please advise. Thanks.

Answer 1

Hi @Luan-i Jackson
Based on my tests, you need to grant your app Directory.Read.All application permissions or both User.Read.All and Group.Read.All application permissions to get the full field values.

1. Use the client credentials flow to get an access token.
2. Call the graph API:

Hope this helps.

If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.