Can't get address or phone from Microsoft Login

David Thielen 3,186 Reputation points
2025-01-22T18:56:38.86+00:00

Hi all;

I have a Blazor Server app using the Identity Library. I have added the following code and it works for login:

var microsoftClientId = configMgr.GetValue<string>("Authentication:Microsoft:ClientId");
var microsoftClientSecret = configMgr.GetValue<string>("Authentication:Microsoft:ClientSecret");
// Add authentication services
if (!string.IsNullOrEmpty(microsoftClientId) && !string.IsNullOrEmpty(microsoftClientSecret))
{
	auth.AddMicrosoftAccount(options =>
	{
		options.ClientId = microsoftClientId;
		options.ClientSecret = microsoftClientSecret;
		options.Scope.Add("User.Read");
	});
	oauthInitialized++;
}

Except the options.Scope.Add("User.Read") does nothing. Or at least there are no additional claims on the passed in Principal. What do I need to do to get the user's address & phone number?

Preferably in a way that Microsoft prompts them and says passing that information is optional to the user.

thanks - dave


Accepted answer
  1. Tiny Wang-MSFT 3,141 Reputation points Microsoft Vendor
    2025-01-23T05:45:14.2733333+00:00

    Hi @David Thielen, according to your code snippet, I'm afraid that you are following this document to add Microsoft Account login as an external sign-in option for ASP.NET Core Identity. Therefore I had a test on my side and I found that even if we didn't add User.Read as the scope, it already has this scope by default.


    But since we are not able to add configuration to let the sign-in callback bring more detailed user profile information, we could only call the MS Graph API manually with the access token. You can try the code below.

    builder.Services.AddAuthentication()
       .AddMicrosoftAccount(microsoftOptions =>
       {
           microsoftOptions.ClientId = "xxx";
           microsoftOptions.ClientSecret = "xxx";
           // Inspect the default scopes here (User.Read is already included)
           var scps = microsoftOptions.Scope;
           microsoftOptions.Events.OnCreatingTicket = async context =>
           {
               // Access the claims here
               var claims = context.Principal?.Claims;
               var accessToken = context.AccessToken;
               // Call Microsoft Graph with the access token issued during sign-in
               using var httpClient = new HttpClient();
               httpClient.DefaultRequestHeaders.Authorization =
                   new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", accessToken);
               var response = await httpClient.GetAsync("https://graph.microsoft.com/v1.0/me");
               // JSON profile of the signed-in user
               var content = await response.Content.ReadAsStringAsync();
           };
       });


    Best regards,

    Tiny


1 additional answer

  1. Bruce (SqlWork.com) 70,776 Reputation points
    2025-01-22T20:46:32.5+00:00

    typically you would call the Graph API to get the user profile (your app needs to be given permission in Entra ID). see the explorer app

    https://developer.microsoft.com/en-us/graph/graph-explorer

    you can also add user profile attributes to login token:

    https://learn.microsoft.com/en-us/entra/external-id/customers/how-to-add-attributes-to-token

    don't forget to configure blazor to copy claims to authentication state.

    https://learn.microsoft.com/en-us/aspnet/core/blazor/security/?view=aspnetcore-9.0&tabs=visual-studio

    note: I typically call Graph API after authentication, and create a user principal with the additional claims rather than custom mapping.

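Both answers come down to calling Graph from the sign-in callback and copying the result into claims. The following is an added example, not code from either poster, that requests only the phone and address fields and treats each as optional. The class and method names (`GraphProfileClaims`, `AddProfileClaimsAsync`, `AddIfPresent`) are hypothetical, and the mapping from Graph properties to `ClaimTypes` is an assumption of this sketch.

```csharp
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OAuth;

// Hypothetical helper. Wire it up with:
//   microsoftOptions.Events.OnCreatingTicket = GraphProfileClaims.AddProfileClaimsAsync;
public static class GraphProfileClaims
{
    // $select limits the response to the fields the app actually needs.
    private const string ProfileUrl = "https://graph.microsoft.com/v1.0/me" +
        "?$select=mobilePhone,streetAddress,city,state,postalCode,country";

    public static async Task AddProfileClaimsAsync(OAuthCreatingTicketContext context)
    {
        if (string.IsNullOrEmpty(context.AccessToken) || context.Identity is null) return;

        // Attach the token to this one request instead of a client-wide default header.
        using var request = new HttpRequestMessage(HttpMethod.Get, ProfileUrl);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", context.AccessToken);

        // Backchannel is the HttpClient the OAuth handler already uses for token calls.
        using var response = await context.Backchannel.SendAsync(request, context.HttpContext.RequestAborted);
        if (!response.IsSuccessStatusCode) return; // sign-in proceeds without the optional claims

        await using var body = await response.Content.ReadAsStreamAsync();
        using var doc = await JsonDocument.ParseAsync(body);
        var user = doc.RootElement;

        AddIfPresent(context.Identity, user, "mobilePhone", ClaimTypes.MobilePhone);
        AddIfPresent(context.Identity, user, "streetAddress", ClaimTypes.StreetAddress);
        AddIfPresent(context.Identity, user, "city", ClaimTypes.Locality);
        AddIfPresent(context.Identity, user, "state", ClaimTypes.StateOrProvince);
        AddIfPresent(context.Identity, user, "postalCode", ClaimTypes.PostalCode);
        AddIfPresent(context.Identity, user, "country", ClaimTypes.Country);
    }

    // Adds a claim only when Graph returned a non-empty string for the property.
    private static void AddIfPresent(ClaimsIdentity identity, JsonElement user, string property, string claimType)
    {
        if (user.TryGetProperty(property, out var value) &&
            value.ValueKind == JsonValueKind.String &&
            !string.IsNullOrWhiteSpace(value.GetString()))
        {
            identity.AddClaim(new Claim(claimType, value.GetString()!));
        }
    }
}
```

Because the access token is used inside the callback and never stored or logged, it does not outlive the sign-in request; only the selected profile values end up in the authentication cookie as claims.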
