
I'm able to get the user's token for my React app for the Graph API, but I'm getting an error on the request for

https://graph.microsoft.com/v1.0/users/me/photo/$value

I'm using the scope https://graph.microsoft.com/User.Read on the MSAL with this code:

  const GraphRequest = {
    scopes: ["https://graph.microsoft.com/User.Read"],
    account: accounts[0],
  };
  // Silently acquire an access token for Microsoft Graph and keep it in state.
  instance.acquireTokenSilent(GraphRequest).then((graphResponse) => {
    setBearerToken(graphResponse.accessToken);
  });

With this token I do the GET request like so:

  Axios.get(`https://graph.microsoft.com/v1.0/users/me/photo/$value`, {
    headers: { Authorization: `bearer ${BearerToken}` },
    responseType: "blob",
  }).then((o) => {
    const url = window.URL || window.webkitURL;
    const blobUrl = url.createObjectURL(o.data);
    setImageUrl(blobUrl);
  });

The problem is that the response shows no error message; it's blank, and I'm not sure what the error is. It just says 401 Unauthorized:

{
"error": {
    "code": "UnknownError",
    "message": "",
}

In the Azure app registry I have permissions for user profile and the user.read, so I'm not sure where else to go here without a reason for the error. I get the same in Postman.


Update

Changed the URL request to https://graph.microsoft.com/v1.0/me/photo/$value and still get the same issue, and in Postman as well.

1 Answer

You are using the wrong MS Graph query, which might be the reason behind getting the 401 Unauthorized error.

The correct query to get the profile picture of the signed-in user is:

GET https://graph.microsoft.com/v1.0/me/photo/$value

I registered one Azure AD application and added the same API permissions.

To get the authorization code value, I used the authorization request below:

https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/authorize
?client_id=<appID>
&response_type=code
&redirect_uri=https://jwt.ms
&response_mode=query
&scope=https://graph.microsoft.com/User.Read
&state=12345

I got the code successfully in the address bar after signing in as the Sri user, by running the above request in the browser.

Now, I generated an access token using the authorization code flow via Postman with the parameters below:

POST https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token

grant_type: authorization_code
client_id: <appID>
client_secret: <secret>
scope: https://graph.microsoft.com/User.Read
code: <code_from_above>
redirect_uri: https://jwt.ms


When I used this token while running the query below, I got the profile picture of the signed-in user successfully:

GET https://graph.microsoft.com/v1.0/me/photo/$value
Authorization: Bearer <token>


When I checked it in the Portal, the profile picture of the signed-in user is the same.

In your case, modify your query by removing /users from it and use the right query, like below:

https://graph.microsoft.com/v1.0/me/photo/$value
Sridevi
  • modified query still returns same error but I do appreciate all the information you provided – angrymuffins Apr 26 '23 at 08:16
  • Have you tried the same in Postman? Could you refer to this [SO thread](https://stackoverflow.com/questions/50421913/how-to-get-users-photoprofile-using-microsoft-graph-api?rq=1) for JavaScript code? – Sridevi Apr 26 '23 at 08:20
  • Same issue in Postman. I can only assume it's either my token or permissions in Azure; it just doesn't help that it has got no error message indicating why – angrymuffins Apr 26 '23 at 10:57
  • Could you include a Postman screenshot by editing your question, to get a better idea? – Sridevi Apr 26 '23 at 11:10
  • updated with new screenshot – angrymuffins Apr 26 '23 at 11:34
  • When you decode the access token in [jwt.ms](https://jwt.ms), can you see the **User.Read** permission in the `scp` claim? – Sridevi Apr 26 '23 at 11:38
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/253331/discussion-between-sridevi-and-angrymuffins). – Sridevi Apr 26 '23 at 11:41
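
The `scp` check asked for in the comments can also be run locally, so the token never leaves the machine. This is an added example, not code from the question or the answer: `inspectGraphToken`, `makeSampleToken` and the sample claims are constructed for illustration, and the two `aud` values are the Microsoft Graph resource URI and application ID. It reads claims without verifying the signature, so it is a diagnostic, not a validator.

```javascript
// Audience values that identify Microsoft Graph (resource URI and application ID).
const GRAPH_AUDIENCES = [
  "https://graph.microsoft.com",
  "00000003-0000-0000-c000-000000000000",
];

// Decode one base64url JWT segment to text (Node Buffer first, browser atob otherwise).
function b64urlDecode(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return typeof Buffer !== "undefined"
    ? Buffer.from(padded, "base64").toString("utf8")
    : atob(padded);
}

// Diagnostic only: reads the claims WITHOUT verifying the signature.
function inspectGraphToken(token, requiredScope = "User.Read",
                           nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).trim().replace(/^bearer\s+/i, "").split(".");
  if (parts.length !== 3) return { ok: false, problems: ["not a three-part JWT"] };
  let claims;
  try {
    claims = JSON.parse(b64urlDecode(parts[1]));
    if (claims === null || typeof claims !== "object") throw new Error("not an object");
  } catch {
    return { ok: false, problems: ["payload is not base64url-encoded JSON"] };
  }
  const scopes = typeof claims.scp === "string" ? claims.scp.split(" ") : [];
  const problems = [];
  if (!GRAPH_AUDIENCES.includes(String(claims.aud).replace(/\/$/, ""))) {
    problems.push(`aud is ${claims.aud}, not Microsoft Graph`);
  }
  if (!scopes.includes(requiredScope)) problems.push(`scp lacks ${requiredScope}`);
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) {
    problems.push("token is expired or has no exp");
  }
  return { ok: problems.length === 0, aud: claims.aud, scopes, problems };
}

// Constructed, unsigned sample token so the check can be run offline (Node).
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}

// Constructed claims: a token issued for some other API, not for Graph.
const sampleResult = inspectGraphToken(makeSampleToken(
  { aud: "api://constructed-app-id", scp: "access_as_user", exp: 4102444800 }));
console.log(sampleResult.problems);
```

In the React app, pass `graphResponse.accessToken` to `inspectGraphToken` before calling Graph; an empty `problems` array means the audience, scope and expiry claims are what `/me/photo/$value` expects.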