What is the proper application permission to access user profile

Luan-i Jackson 40 Reputation points
2023-04-17T21:11:20.56+00:00

I have a MVC web app that needs to get Graph API to return all groups a person belong to. This is the URL I use https://graph.microsoft.com/v1.0/users/{userID}/transitiveMemberOf/microsoft.graph.group?$count=true This URL returns the expected data on Graph Explorer. However, when I try to use the same URL using tool such as Postman, the proper number of data are returned but with NULL for all but ID field. I'm guessing this is because some permissions are missing, but I can't find what permission are required. Steps taken:

  1. I first obtained access token https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token.
  2. I then use the token obtained from above as the bearer token to run the URL https://graph.microsoft.com/v1.0/users/{userID}/transitiveMemberOf/microsoft.graph.group?$count=true
  3. Data returned with NULL values Please advise. Thanks.
Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,867 questions
0 comments No comments
{count} votes

Accepted answer
  1. CarlZhao-MSFT 37,871 Reputation points
    2023-04-18T03:05:15.1+00:00

    Hi @Luan-i Jackson
    Based on my tests, you need to grant your app Directory.Read.All application permissions or both User.Read.All and Group.Read.All application permissions to get the full field values.

    User's image

    1. Use the client credentials flow to get an access token.
    2. Call the graph API:

    User's image

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful