Profile photo not showing when logging in with Azure AD #439

Open
wickings-n opened this issue Oct 1, 2024 · 4 comments
Comments

@wickings-n

I set up an app registration in Azure with delegated API permissions for "email, openid and profile", which is the same scope as defined in the project from node module next-auth (src/node_modules/next-auth/providers/azure-ad.js).

Login works fine; email and name are shown correctly when logging in with Microsoft 365 login.

But no profile photo is showing in e.g. chat and menu. I tried adding the "User.Read" permissions to the scope and API permissions, which did not help (mentioned in MS docs as the relevant permission to retrieve the profile photo: https://learn.microsoft.com/en-us/graph/api/profilephoto-get?view=graph-rest-1.0&tabs=http).

What am I missing? Is anyone facing the same issue, or has anyone fixed it?

Thanks.

@fsch-ppi

fsch-ppi commented Oct 2, 2024

We also have the same issue with our organization!

@samiidris

Also looking for a resolution to this here, thanks!

@DakotaWray2

DakotaWray2 commented Oct 11, 2024

If you are working with Azurechat in an enterprise with AzureAD, the photo is not exposed with the default user.read scope. You can add additional scopes, including ProfilePhoto.Read.All, to your implementation by modifying the next-auth configuration in auth-api.ts. Personally I have not done this with profile photos, but I pass additional scopes to enrich default functions with calendar.read, bookmark.read.all, user.readbasic.all etc. Next-auth does not have built-in token refresh logic, so you will need to implement it manually if you want to use additional graph scopes. Happy to provide additional details if interested.

You can also inspect the account, profile and user objects in the jwt callback to see if a profile photo value is returned in any of them and pass it to the session.

@marwic-norlys

@DakotaWray2 appreciate the input, thanks!

I tried adding ProfilePhoto.Read.All as a Delegated permission, granted ok, still the same - no profile photo showing.

I see in the next-auth azure-ad.js that it's using this endpoint to fetch the profile photo:
https://graph.microsoft.com/v1.0/me/photos/${profilePhotoSize}x${profilePhotoSize}/$value

When testing this manually with Graph Explorer on the same Azure AD, all is working; it fetches my profile photo in e.g. 48x48.
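
A diagnostic sketch for the photo request quoted in the comment above, added here as an example and not taken from next-auth or the azurechat project. It issues the same Graph request but returns the HTTP status, and it inspects the access token's `aud`, `scp` and `exp` claims. It assumes Node 18+ (global `fetch`) and a JWT-formatted access token; all function names are hypothetical and the scope list uses the names mentioned in this thread.

```javascript
// Added diagnostic sketch; not code from next-auth or azurechat.
const GRAPH = "https://graph.microsoft.com";
const GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000";
// Scope names taken from the thread; adjust to what your tenant grants.
const PHOTO_SCOPES = ["user.read", "profilephoto.read.all"];

// Decode the JWT payload WITHOUT verifying it. Diagnostics only: never base
// an authorization decision on this. Returns null if the token is not a JWT.
function decodeClaims(accessToken) {
  const parts = String(accessToken).split(".");
  if (parts.length !== 3) return null;
  try {
    return JSON.parse(Buffer.from(parts[1], "base64").toString("utf8"));
  } catch {
    return null;
  }
}

// Explain whether the token could plausibly be accepted for /me/photos.
function checkToken(accessToken, nowSec = Math.floor(Date.now() / 1000)) {
  const claims = decodeClaims(accessToken);
  if (!claims) return { ok: false, reason: "not-a-jwt", scopes: [] };
  const scopes = String(claims.scp || "").toLowerCase().split(" ").filter(Boolean);
  const aud = String(claims.aud || "").replace(/\/$/, "");
  if (typeof claims.exp === "number" && claims.exp <= nowSec)
    return { ok: false, reason: "expired", scopes };
  if (aud !== GRAPH && aud !== GRAPH_APP_ID)
    return { ok: false, reason: "wrong-audience", scopes };
  if (!scopes.some((s) => PHOTO_SCOPES.includes(s)))
    return { ok: false, reason: "missing-scope", scopes };
  return { ok: true, reason: "ok", scopes };
}

// Same request as the endpoint quoted above, but the HTTP status is returned
// to the caller. Log the status and reason, never the token itself.
async function fetchPhoto(accessToken, size = 48, fetchImpl = fetch) {
  const url = `${GRAPH}/v1.0/me/photos/${size}x${size}/$value`;
  const res = await fetchImpl(url, { headers: { Authorization: `Bearer ${accessToken}` } });
  if (!res.ok) return { image: null, status: res.status };
  const b64 = Buffer.from(await res.arrayBuffer()).toString("base64");
  return { image: `data:image/jpeg;base64,${b64}`, status: res.status };
}

// Constructed sample token (unsigned, fake claims) for offline checks.
function sampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64").replace(/=+$/, "");
  return `${enc({ alg: "none" })}.${enc(claims)}.sig`;
}
```

Calling `checkToken(account.access_token)` from the `jwt` callback on first sign-in shows whether the token the app holds differs from the one Graph Explorer uses.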
