Cannot get User Information within B2C Access Token

def get_access_token(authorization_code):
        
    token_url = "https://login.microsoftonline.com/xxxx-xxxx-xxxx-xxxx-xxxxcxxxxe/oauth2/v2.0/token" 
    redirect_uri = "https://localhost/api/oauth2/callback" 
    client_id = "xxxxxx-xxx-xxxx-xxx-xxxxxx"
    client_secret = "xxxx~xxxxx~xxxx_xxxxxxxxx"
    scope = "https://graph.microsoft.com/.default"


    headers = {'Content-Type' : 'application/x-www-form-urlencoded'}
    token_data = {
        'grant_type': 'client_credentials',
        'code': authorization_code,
        'redirect_uri': redirect_uri,
        'client_id': client_id,
        'client_secret': client_secret,
        'scope': scope,
        }

    response = requests.post(token_url, headers = headers, data=token_data)
    token_json = response.json()

    if 'access_token' in token_json:
        return token_json['access_token']
    else:
        raise Exception(f"Error fetching access token: {token_json.get('error_description', 'Unknown error')}")

I can't find any user information within the bearer that Microsoft provides. The token end point seems to be correct and I get all the user info within Microsoft Graph Explorer but can't on my django app.

The error is because you are making use of Authorization code flow but passing parameter value as client credentials for grant_type.

Initially, I registered Microsoft Entra ID Application in B2C tenant:

enter image description here

Granted Delegated type User.Read.All API permission:

enter image description here

To resolve the error modify code l:

import requests

def get_access_token(authorization_code):
    # Replace these with your actual values
    tenant_id = "<tenant_id>"  # Update this with your actual tenant ID
    token_url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    redirect_uri = "http://localhost:5000"  # This must match the redirect URI configured in your app registration
    client_id = "<client_id>"  # Your app's client ID
    client_secret = "<client_secret>"  # Your app's client secret
    scope = "https://graph.microsoft.com/.default"  # The scope for your request

    # Set up the headers and body for the token request
    headers = {'Content-Type': 'application/x-www-form-urlencoded'}
    token_data = {
        'grant_type': 'authorization_code',  # Use authorization_code for this flow
        'code': authorization_code,  # The authorization code received from the redirect
        'redirect_uri': redirect_uri,  # Redirect URI must match the one configured in your app
        'client_id': client_id,  # The app's client ID
        'client_secret': client_secret,  # The app's client secret
        'scope': scope,  # Scopes you want to request
    }

    # Make the POST request to get the token
    response = requests.post(token_url, headers=headers, data=token_data)
    
    # Parse the response and check for errors
    token_json = response.json()

    # Check if the access token was successfully obtained
    if 'access_token' in token_json:
        return token_json['access_token']
    else:
        error_message = token_json.get('error_description', 'Unknown error')
        raise Exception(f"Error fetching access token: {error_message}")

def get_users(access_token):
    # Initial URL for fetching users from Microsoft Graph API
    graph_url = "https://graph.microsoft.com/v1.0/users"
    headers = {"Authorization": f"Bearer {access_token}"}
    
    users = []
    
    while graph_url:
        response = requests.get(graph_url, headers=headers)
        if response.status_code == 200:
            data = response.json()
            users.extend(data.get("value", []))  # Add the current batch of users
            graph_url = data.get("@odata.nextLink")  # Get the next page link, if it exists
        else:
            raise Exception(f"Error fetching users: {response.status_code} - {response.text}")
    
    return users

def print_users(users):
    # Print user details in a formatted table
    print(f"{'Display Name':<30} {'ID':<40} {'Email':<40}")
    print("-" * 110)
    
    for user in users:
        display_name = user.get("displayName") or "N/A"  # Safely handle None values
        user_id = user.get("id") or "N/A"  # Safely handle None values
        email = user.get("mail") or "N/A"  # Safely handle None values
        print(f"{display_name:<30} {user_id:<40} {email:<40}")

# Example usage
authorization_code = input("Enter the authorization code: ")
try:
    # Step 1: Get the access token
    access_token = get_access_token(authorization_code)
    print("Access token :", access_token)

    # Step 2: Get the list of users using the access token
    users = get_users(access_token)

    # Step 3: Print the users with displayName, id, and mail
    print_users(users)
except Exception as e:
    print(e)

To get code, I ran below authorization request in browser:


https://login.microsoftonline.com/<b2c_tenant_id>/oauth2/v2.0/authorize? 
&client_id=<app_id>
&client_secret = <client_secret>
&redirect_uri= http://localhost:5000
&response_type=code  
&response_mode=query  
&scope= https://graph.microsoft.com/.default

enter image description here

Response:

enter image description here

enter image description here

Back to Top