"id_token" is not present in OAuth2 token received from Microsoft login for some users.

ashutosh 5 Reputation points
2023-08-16T06:00:32.3433333+00:00

I am using Microsoft as an Identity provider in my application. The problem is that I am not receiving "id_token" in the OAuth2 token response even though I am requesting the "openid" scope (scopes requested: openid profile email) every time. For only one user it is working fine and for all the other users we are facing this issue.
I am using the common authorization and token endpoints: https://login.microsoftonline.com/common/oauth2/v2.0/authorize

Two-factor authentication is enabled for the organisation in which the MS app is created. The Include ID Token in OAuth token option in the MS app is also enabled.


1 answer

  1. ashutosh 5 Reputation points
    2023-09-15T07:44:06.5133333+00:00

    This was resolved by requesting an additional scope "User.Read" apart from the basic scopes ("openid", "profile" and "email") during user authentication. It appears that this also depends on the AD settings of the organisation to which the user belongs. For some users the basic scopes were enough to get the id_token in the OAuth2 token response, but for users belonging to some specific organisation the "User.Read" scope had to be added to get the id_token in the OAuth2 token response.

    1 person found this answer helpful.
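
The following Python example is added here and is not code from the post: it builds the authorization request with `User.Read` added to the basic scopes, as the answer describes, and rejects a token response that lacks `id_token`, reporting which requested scopes were not granted. The function names, the sample responses and the scope-normalisation rule are assumptions.

```python
from urllib.parse import urlencode

# Authorization endpoint quoted in the question.
AUTHORIZE_ENDPOINT = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
BASIC_SCOPES = ("openid", "profile", "email")

# Constructed sample token responses, made up to exercise the check below.
SAMPLE_OK = {"scope": "https://graph.microsoft.com/User.Read openid profile email",
             "access_token": "<placeholder>", "id_token": "<placeholder-jwt>"}
SAMPLE_NO_ID_TOKEN = {"scope": "profile email", "access_token": "<placeholder>"}


class MissingIdToken(Exception):
    """Token response carried no id_token; reject the sign-in."""


def build_authorize_url(client_id, redirect_uri, state, nonce, extra_scopes=("User.Read",)):
    """Authorization-code request for the basic scopes plus User.Read."""
    scopes = list(BASIC_SCOPES) + [s for s in extra_scopes if s not in BASIC_SCOPES]
    query = urlencode({
        "client_id": client_id, "response_type": "code",
        "redirect_uri": redirect_uri, "scope": " ".join(scopes),
        "state": state, "nonce": nonce,
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}"


def _short(scope):
    # Assumption: a granted scope may come back as a bare name or as a
    # resource-qualified URI, so compare on the last path segment, lowercased.
    return scope.rsplit("/", 1)[-1].lower()


def check_token_response(response, requested_scopes):
    """Return the id_token, or raise MissingIdToken with a scope diagnostic."""
    granted = {_short(s) for s in response.get("scope", "").split()}
    ungranted = sorted(s for s in requested_scopes if _short(s) not in granted)
    id_token = response.get("id_token")
    if not id_token:
        # Fail closed: without an id_token there is no identity assertion to validate.
        raise MissingIdToken(
            f"no id_token; requested={list(requested_scopes)} ungranted={ungranted}"
        )
    # Signature, issuer, audience and nonce checks on the id_token come next (not shown).
    return id_token
```

Logging the exception message per sign-in makes it visible which users' token responses differ from the one that works.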