Firebase - Microsoft SSO returns UPN instead of the SMTP email address

Question

I am using THIS Firebase documentation to create an SSO and it is working great, like expected but there is one problem for me, the sign up returns the UPN (User Principal Name) instead of SMTP address because the UPN is different from SMTP address. Is there a way to return the SMTP address when signing up instead of the UPN? This change from UPN to SMTP is very important for this project as I need that email to run another API which requires the SMTP address. Is there any way to get the SMTP address?

score 1 · Accepted Answer · answered Mar 08 '22 at 13:54

1

I solved it, Just use the Microsoft's Graph API and pass the access token given to you when you sign in or sign up a user using Microsoft

async authenticate() {
signInWithPopup(auth, provider)
  .then(async (result) => {
    const credential = OAuthProvider.credentialFromResult(result);
    const accessToken = credential.accessToken;
    var myHeaders = new Headers();
    myHeaders.append("Authorization", `Bearer ${accessToken}`);

    var requestOptions = { method: 'GET', headers: myHeaders, redirect: 'follow' };
    let response = (await (await fetch("https://graph.microsoft.com/v1.0/me", requestOptions)).json()).mail;
    console.log(response);
  })
  .catch((error) => {
    console.error(error);
  });

}

this snippet will give you the actual email address rather than the UPN.

answered Mar 08 '22 at 13:54

user18318129

21
3

1

I get a `401` error: `Required claim nbf not present in token` as stated in this question as well: [https://stackoverflow.com/questions/72394513/required-claim-nbf-not-present-in-token-using-firebase-microsoft-signin-trying](https://stackoverflow.com/questions/72394513/required-claim-nbf-not-present-in-token-using-firebase-microsoft-signin-trying) – m.spyratos Feb 24 '23 at 18:48
I am hitting the same block as @m.spyratos. I have an R Shiny web app that uses the firebase package for R on CRAN. It works perfect for authentication and I have users logging into the app via their Active Directory profiles. I am trying to use the microsoft access token that is returned upon login to access the Graph API in order to retrieve the user's profile photo, however the access token is invalid with call to Graph API returning the same `401: Required claim nbf not present in token`. Can anyone point me in the right direction on how to add that claim from firebase? – BilboBaagins Mar 20 '23 at 14:57
@BilboBaagins Unfortunately it seems as either one of Firebase's or Graph's update has broken this feature. Graph requires this information in the token, but Firebase does not include it. They even mention the above in their documentation, which actually doesn't work: `On successful completion, the OAuth access token associated with the provider can be retrieved from the firebase.auth.UserCredential object returned. Using the OAuth access token, you can call the Microsoft Graph API.`. https://firebase.google.com/docs/auth/web/microsoft-oauth. I ended up using Microsoft's npm package – m.spyratos Mar 21 '23 at 19:15

Firebase - Microsoft SSO returns UPN instead of the SMTP email address

1 Answers1