
I am using Next Auth to authenticate through Azure Active Directory. I am successfully able to do so but the profile object does not contain some info I need.

I am trying to get the "user type" and "account status" properties.

Here’s my code

providers: [
    AzureADProvider({
        clientId: process.env.AZURE_AD_CLIENT_ID,
        clientSecret: process.env.AZURE_AD_CLIENT_SECRET,
        tenantId: process.env.AZURE_AD_TENANT_ID,
        userinfo: {
            url: 'https://graph.microsoft.com/v1.0/me/',
            params: {
                scope: 'https://graph.microsoft.com/user.read',
                grant_type: 'authorization_code'
            },
        },
    })
]

I don’t know what to do after this point or even if this is what I should do. Any help is appreciated.

UPDATE:
Here’s what I have after changing to what was suggested

    providers: [
        AzureADProvider({
            clientId: process.env.AZURE_AD_CLIENT_ID,
            clientSecret: process.env.AZURE_AD_CLIENT_SECRET,
            tenantId: process.env.AZURE_AD_TENANT_ID,
            userinfo: {
                // Graph's v1.0 user resource exposes `id` and `mail`; it has no
                // `objectId` or `email` property, and $select rejects unknown names
                url: 'https://graph.microsoft.com/v1.0/me?$select=accountEnabled,userType,displayName,givenName,id,mail,surname',
                params: {
                    scope: 'https://graph.microsoft.com/user.read',
                    grant_type: 'authorization_code',
                },
            },
            profile(profile) {
                return {
                    id: profile.id,
                    name: profile.displayName,
                    lastName: profile.surname,
                    firstName: profile.givenName,
                    email: profile.mail,
                    userType: profile.userType,
                    accountStatus: profile.accountEnabled
                };
            }
        })
    ]

It seems like the profile data from the AzureADProvider is still being used because of the id token. I thought userinfo would overwrite it but it doesn’t seem to work that way unless I am doing it wrong.

2 Answers


  1. Chosen as BEST ANSWER

    I found a solution. I had to use the request function inside userinfo and fetch the profile data.

    // assumes `import axios from 'axios'` at the top of the file
    AzureADProvider({
        clientId: process.env.AZURE_AD_CLIENT_ID,
        clientSecret: process.env.AZURE_AD_CLIENT_SECRET,
        tenantId: process.env.AZURE_AD_TENANT_ID,
        userinfo: {
            url: 'https://graph.microsoft.com/v1.0/me?$select=id,userPrincipalName,accountEnabled,userType,givenName,surname',

            // Fetch the profile from Graph ourselves with the access token
            // next-auth obtained; whatever this returns is passed to profile().
            async request(context) {
                const response = await axios.get('https://graph.microsoft.com/v1.0/me?$select=id,userPrincipalName,accountEnabled,userType,givenName,surname',
                    {
                        headers: {
                            'Authorization': `Bearer ${context.tokens.access_token}`
                        }
                    }
                )

                // return the raw Graph object; the mapping happens once, in profile()
                return response.data
            }
        },
        profile(userinfo) {
            return {
                id: userinfo.id,
                email: userinfo.userPrincipalName,
                firstName: userinfo.givenName,
                lastName: userinfo.surname,
                userType: userinfo.userType,
                accountStatus: userinfo.accountEnabled
            };
        }
    }),
    

  2. I tried to reproduce the same in my environment and got the results like below:

    I created Azure AD Application and granted API permissions:


    I generated the Access Token using Authorization Code Flow by using parameters like below:

    POST https://login.microsoftonline.com/TenantId/oauth2/v2.0/token
    
    client_id:ClientID
    client_secret:ClientSecret
    scope:https://graph.microsoft.com/user.read
    grant_type:authorization_code
    redirect_uri:RedirectUri
    code:code
    


    When I ran the same query as you, I didn't get the userType and account status properties, like below:

    GET https://graph.microsoft.com/v1.0/me
    


    Note that by default only the businessPhones, displayName, givenName, id, jobTitle, mail, mobilePhone, officeLocation, preferredLanguage, surname and userPrincipalName properties are returned.

    To get the additional user properties, make use of $select like below:

    GET https://graph.microsoft.com/v1.0/me?$select=accountEnabled,userType
    


    Modify the code like below:

    providers: [
        AzureADProvider({
            clientId: process.env.AZURE_AD_CLIENT_ID,
            clientSecret: process.env.AZURE_AD_CLIENT_SECRET,
            tenantId: process.env.AZURE_AD_TENANT_ID,
            userinfo: {
                url: 'https://graph.microsoft.com/v1.0/me?$select=accountEnabled,userType',
                params: {
                    scope: 'https://graph.microsoft.com/user.read',
                    grant_type: 'authorization_code'
                },
            },
        })
    ]
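The same Graph `$select` approach, written out as an added example that is not code from the question or from either answer: it wires a `userinfo.request` and `profile()` in the shape the accepted answer uses (next-auth v4's provider hooks), requests the Graph v1.0 property names the second answer shows, maps them once, and then actually uses `accountEnabled` and `userType` in a `signIn` callback so a disabled account is refused rather than merely recorded on the user. The `isSignInAllowed` policy, the injected `fetchImpl` parameter, `fakeGraphFetch` and its sample response are assumptions constructed for this example, not next-auth or Graph behaviour.

```javascript
// Added example: fetch accountEnabled/userType from Microsoft Graph inside a
// next-auth AzureADProvider userinfo.request, map once in profile(), and gate
// sign-in on the result. fetchImpl injection and fakeGraphFetch are constructed
// here so the flow runs offline; they are not part of next-auth or Graph.

const GRAPH_ME = 'https://graph.microsoft.com/v1.0/me';

// Graph v1.0 user properties; without $select only the default set comes back.
const SELECTED_FIELDS = [
  'id', 'userPrincipalName', 'mail', 'givenName', 'surname',
  'userType', 'accountEnabled',
];

function buildGraphMeUrl(fields = SELECTED_FIELDS) {
  return `${GRAPH_ME}?$select=${fields.join(',')}`;
}

// Call Graph with the access token next-auth obtained. Fail loudly on non-2xx
// (e.g. missing User.Read consent) so a broken call cannot yield an empty user.
async function fetchGraphProfile(accessToken, fetchImpl = globalThis.fetch) {
  const response = await fetchImpl(buildGraphMeUrl(), {
    headers: { Authorization: `Bearer ${accessToken}` },
  });
  if (!response.ok) {
    throw new Error(`Graph /me failed with HTTP ${response.status}`);
  }
  return response.json();
}

// Map the raw Graph object to the user shape next-auth stores.
// A missing or non-boolean accountEnabled is treated as disabled (fail closed).
function mapGraphProfile(raw) {
  return {
    id: raw.id,
    email: raw.mail ?? raw.userPrincipalName ?? null,
    firstName: raw.givenName ?? null,
    lastName: raw.surname ?? null,
    userType: raw.userType ?? null,
    accountEnabled: raw.accountEnabled === true,
  };
}

// Hypothetical policy: refuse disabled accounts, and guests unless opted in.
function isSignInAllowed(user, { allowGuests = false } = {}) {
  if (!user || !user.accountEnabled) return false;
  if (!allowGuests && user.userType === 'Guest') return false;
  return true;
}

// Provider options in the shape the accepted answer uses (next-auth v4).
function azureAdProviderOptions(env, fetchImpl = globalThis.fetch) {
  return {
    clientId: env.AZURE_AD_CLIENT_ID,
    clientSecret: env.AZURE_AD_CLIENT_SECRET,
    tenantId: env.AZURE_AD_TENANT_ID,
    userinfo: {
      url: buildGraphMeUrl(),
      // next-auth passes whatever this returns to profile() below.
      async request({ tokens }) {
        return fetchGraphProfile(tokens.access_token, fetchImpl);
      },
    },
    profile(raw) {
      return mapGraphProfile(raw);
    },
  };
}

// callbacks.signIn receives the raw provider profile; returning false rejects.
const callbacks = {
  async signIn({ profile }) {
    return isSignInAllowed(mapGraphProfile(profile ?? {}));
  },
};

// Constructed stand-in for fetch: a disabled Member account.
async function fakeGraphFetch(url, init) {
  const authorized = init.headers.Authorization === 'Bearer constructed-token';
  const body = {
    id: '00000000-0000-0000-0000-000000000001',
    userPrincipalName: 'alice@example.com',
    givenName: 'Alice',
    surname: 'Example',
    userType: 'Member',
    accountEnabled: false,
  };
  return { ok: authorized, status: authorized ? 200 : 401, async json() { return body; } };
}

async function demo() {
  const opts = azureAdProviderOptions(process.env, fakeGraphFetch);
  const raw = await opts.userinfo.request({ tokens: { access_token: 'constructed-token' } });
  const user = opts.profile(raw);
  // accountEnabled is false in the sample, so this prints allowed: false
  console.log(user, 'allowed:', isSignInAllowed(user));
}

demo().catch((err) => { console.error(err); });
```

Two points a practitioner should keep in mind: Graph returns HTTP 400 for a `$select` naming a property the user resource does not have, so the request helper throws instead of handing next-auth a partial object, and `accountEnabled` is only useful if something consumes it, which is what the `signIn` callback does here.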
    