Hi @David Thielen, according to your code snippet, I'm afraid that you are following this document to add Microsoft Account login as an external sign-in option for ASP.NET Core Identity. Therefore I ran a test on my side and found that even if we don't add User.Read as the scope, it already has this scope by default.
But since we are not able to add configuration to let the sign-in callback bring more detailed user profile information, we can only call the MS Graph API manually with the access token. You can try the code below.
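```csharp
builder.Services.AddAuthentication()
    .AddMicrosoftAccount(microsoftOptions =>
    {
        // Placeholders: load the real values from configuration or user secrets.
        microsoftOptions.ClientId = "xxx";
        microsoftOptions.ClientSecret = "xxx";
        // Scopes the handler requests by default (inspect in the debugger).
        var scps = microsoftOptions.Scope;
        microsoftOptions.Events.OnCreatingTicket = async context =>
        {
            // Access the claims here
            var claims = context.Principal?.Claims;
            var accessToken = context.AccessToken;
            // Reuse the handler's HttpClient rather than creating one per sign-in,
            // and attach the token to this request only.
            using var request = new HttpRequestMessage(HttpMethod.Get, "https://graph.microsoft.com/v1.0/me");
            request.Headers.Authorization =
                new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", accessToken);
            using var response = await context.Backchannel.SendAsync(request, context.HttpContext.RequestAborted);
            // JSON profile of the signed-in user; check response.IsSuccessStatusCode before using it.
            var content = await response.Content.ReadAsStringAsync();
        };
    });
```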
Best regards,
Tiny
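
The answer above stops at reading the Graph `/me` response into a string. The following is an added example, not part of the original answer, showing one way to turn that JSON into claims through an allow-list so that only chosen profile fields (and never the access token) end up in the sign-in identity. `GraphProfileClaims`, `AddFromGraphJson`, the `urn:example:` claim type and the sample JSON are assumptions made up for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Text.Json;

// Added example: class, method and custom claim type names are hypothetical.
public static class GraphProfileClaims
{
    // Allow-list of Graph /me properties copied into the identity.
    // Anything not listed here stays out of the authentication cookie.
    private static readonly Dictionary<string, string> FieldToClaim = new()
    {
        ["givenName"] = ClaimTypes.GivenName,
        ["surname"] = ClaimTypes.Surname,
        ["mail"] = ClaimTypes.Email,
        ["jobTitle"] = "urn:example:jobtitle", // constructed claim type
    };

    // Returns the number of claims added to the identity.
    public static int AddFromGraphJson(ClaimsIdentity identity, string json)
    {
        using var doc = JsonDocument.Parse(json);
        if (doc.RootElement.ValueKind != JsonValueKind.Object) return 0;
        var added = 0;
        foreach (var (field, claimType) in FieldToClaim)
        {
            // Graph returns null for unset properties; skip those and non-strings.
            if (!doc.RootElement.TryGetProperty(field, out var value) ||
                value.ValueKind != JsonValueKind.String) continue;
            var text = value.GetString();
            // Do not duplicate a claim the handler already mapped.
            if (string.IsNullOrWhiteSpace(text) ||
                identity.HasClaim(c => c.Type == claimType)) continue;
            identity.AddClaim(new Claim(claimType, text));
            added++;
        }
        return added;
    }

    public static void Main()
    {
        // Constructed sample of a /v1.0/me response body ("mail" is unset).
        const string sample = @"{""displayName"":""Test User"",""givenName"":""Test"",
            ""surname"":""User"",""mail"":null,""jobTitle"":""Engineer""}";
        var identity = new ClaimsIdentity("Microsoft");
        Console.WriteLine($"added {AddFromGraphJson(identity, sample)} claims");
        foreach (var c in identity.Claims) Console.WriteLine($"{c.Type} = {c.Value}");
    }
}
```

Inside `OnCreatingTicket`, the same method can be called with `context.Identity` and the `content` string once the response status has been checked.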