Activities of "oshabani"

API permission User.Read is already there but still not able to get photo.

malimings@gmail.com has been added to our organization

Hi,

In order to sign in to the Azure AD account, please do the following steps:

  1. You can sign in with any Microsoft account that you will provide us. We will add this account to Azure AD and will send you the invitation to accept it.

  2. Replace appsettings.development in AuthServer project:

    "AzureAd": {
      "Instance": "https://login.microsoftonline.com/",
      "TenantId": "9affbb38-3096-4eb1-bcac-4b709bedc8af",
      "ClientId": "b53c656e-f7eb-4474-a7bc-826bf93eed03",
      "Domain": "domain.onmicrosoft.com",
      "CallbackPath": "/signin-azuread-oidc",
      "SignedOutCallbackPath": "/signout-azuread-oidc",
      "ClientSecret": "Amw8Q~gPtjSivovD-j1TKgI~JuNHfbl7LwKB8c6g"
    },

  3. Comment the validation lines related to employee, civilid and dcu/oracle in OnPostAsync (AuthServer/Pages/Account/Register.cshtml.cs) handler

    //if (Input.EmployeeNo <= 0)
    //{
    //    throw new UserFriendlyException("Invalid Employee No");
    //    //Alerts.Danger("Invalid Employee Number");
    //    //return Page();
    //}

    ////civil id validation
    //if (!ValidateTool.ValidateCivilId(Input.CivilId.ToString()))
    //{
    //    throw new UserFriendlyException("Invalid CivilId");
    //}

    #region check validation from dcu
    // var data = await new RestSharpFactory().ExecuteJsonAsync<bool>(
    //     _configuration["Services:OracleEbs_V1"],
    //     "Employees/CheckValidityRegisterEmployee",
    //     Method.Get,
    //     queryParams: new Dictionary<string, string> {
    //         { "employeeNo", Input.EmployeeNo.ToString() },
    //         { "civilId", Input.CivilId.ToString()}
    //     });

    // if (data.StatusCode == 200)
    // {
    //     if (!data.Data)
    //     {
    //         throw new UserFriendlyException("Invalid Employee");
    //     }
    // }else
    // {
    //     throw new UserFriendlyException("Oracle service has issue ("+data.StatusCode+" - "+(data.Messages.Count > 0 ? data.Messages.FirstOrDefault():"")+")" );
    // }

    #endregion

We shared the link of the uploaded project with you at liming.ma@volosoft.com

Our primary objective is to save the Azure profile photo with the register page of AuthServer.

Maybe getting photo on OnTokenValidated event is not good enough. I am not sure about it. So please help us to find the resolution for this.

    options.Events.OnTokenValidated = async tokenValidatedContext =>
    {
        //not working
        //var photoClaim = tokenValidatedContext.Principal.Claims.FirstOrDefault(x => x.Type == "photo");
        //var accessToken = await tokenValidatedContext.HttpContext.GetTokenAsync("access_token");

        var accessToken = tokenValidatedContext.TokenEndpointResponse.AccessToken;
        //return Task.FromResult(Task.CompletedTask);
        var client = new RestClient("https://graph.microsoft.com/v1.0/");
        var request = new RestRequest("me/photo/$value", Method.Get);
        request.AddHeader("Content-Type", "application/json");
        request.AddHeader("Authorization", "Bearer " + accessToken);
        RestResponse response = await client.ExecuteAsync(request);
        var aa = response.RawBytes;
    };

I have already checked this and passed to graph API as mentioned in the code above but it is not authorizing it. Once I checked the details of this access token with jwt.io that is actually a JWT token. Maybe because of this reason graph API is not authorizing.
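The jwt.io inspection mentioned in this post can also be done in code. The following is an added example, not code from the original post or from ABP: it decodes an access token's payload without verifying the signature and reports whether the audience is Microsoft Graph and the delegated scopes include User.Read. The class and method names and the sample token are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

public static class GraphTokenCheck
{
    // Audience values carried by Microsoft Graph access tokens (URI and app-ID form).
    static readonly string[] GraphAudiences =
        { "https://graph.microsoft.com", "00000003-0000-0000-c000-000000000046" };

    static byte[] Base64UrlDecode(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    // Diagnostic only: reads the claims, does NOT verify the signature.
    public static bool UsableForPhoto(string accessToken, out string reason)
    {
        reason = "";
        if (string.IsNullOrEmpty(accessToken)) { reason = "no access token available"; return false; }
        var parts = accessToken.Split('.');
        if (parts.Length != 3) { reason = "not a three-part JWT"; return false; }

        using var doc = JsonDocument.Parse(Base64UrlDecode(parts[1]));
        var claims = doc.RootElement;
        var aud = claims.TryGetProperty("aud", out var a) ? a.ToString() : "";
        var scp = claims.TryGetProperty("scp", out var s) ? s.ToString() : "";

        if (!GraphAudiences.Contains(aud.TrimEnd('/')))
        { reason = $"audience '{aud}' is not Microsoft Graph"; return false; }
        if (!scp.Split(' ').Contains("User.Read", StringComparer.OrdinalIgnoreCase))
        { reason = $"scopes '{scp}' do not include User.Read"; return false; }
        return true;
    }

    public static void Main()
    {
        // Constructed, unsigned sample token whose audience is the app itself, not Graph.
        static string Enc(string json) => Convert.ToBase64String(Encoding.UTF8.GetBytes(json))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        var token = Enc("{\"alg\":\"none\"}") + "."
            + Enc("{\"aud\":\"constructed-client-id\",\"scp\":\"profile email\"}") + ".sig";

        Console.WriteLine(UsableForPhoto(token, out var why) ? "usable" : why);
        Console.WriteLine(UsableForPhoto(null, out why) ? "usable" : why);
    }
}
```

Use this only as a debugging aid inside the sign-in handler; it does not replace signature validation and should not log the token itself.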

AuthServerModule.cs

    .AddOpenIdConnect("AzureOpenId", "SbgEmailAccount", options =>
        {
            options.Authority = "https://login.microsoftonline.com/" + configuration["AzureAd:TenantId"] + "/v2.0/";
            options.ClientId = configuration["AzureAd:ClientId"];
            options.ResponseType = OpenIdConnectResponseType.Code; // CodeIdToken;
            options.CallbackPath = configuration["AzureAd:CallbackPath"];
            options.ClientSecret = configuration["AzureAd:ClientSecret"];
            options.SignedOutCallbackPath = configuration["AzureAd:SignedOutCallbackPath"];
            options.RequireHttpsMetadata = false;
            options.SaveTokens = true;
            options.GetClaimsFromUserInfoEndpoint = true;
            options.Prompt = "consent";
            options.Scope.Add("profile");
            options.Scope.Add("email");
            options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
            options.Events.OnTokenValidated = async tokenValidatedContext => 
            {
                //not working
                //var photoClaim = tokenValidatedContext.Principal.Claims.FirstOrDefault(x => x.Type == "photo");
                var accessToken = await tokenValidatedContext.HttpContext.GetTokenAsync("access_token");
                //var accessToken = tokenValidatedContext.TokenEndpointResponse.AccessToken;
                //return Task.FromResult(Task.CompletedTask);
                var client = new RestClient("https://graph.microsoft.com/v1.0/");
                var request = new RestRequest("me/photo/$value", Method.Get);
                request.AddHeader("Content-Type", "application/json");
                request.AddHeader("Authorization", "Bearer " + accessToken);
                RestResponse response = await client.ExecuteAsync(request);
                var aa = response.RawBytes;
            };
        })

    await httpContext.GetTokenAsync("access_token");

I am trying to get access token to get photo through Graph API but it is returning null.

Well, we are using ABP as our Auth-Server. We have already configured this server to authenticate with our Azure Active Directory service using OpenIddict. Users in our Azure AD have their photos uploaded there; we want to fetch these user photos and save them in our Auth-Server database in the table ([AbpBlobs]) with the generated User ID once the user grants permission to Auth-Server.

It is saving values now.

Thanks
