Tags: javascript, oauth-2.0, microsoft-graph-api, bearer-token, o365-flow

Obtain user information from bearer_token O365 for currently logged in user


I have a bearer token from O365 and when I decode it, no user information of the currently logged in user is present. I am able to obtain a token and decode it using jwt.io. The user information I require is the family_name, given_name and name of the user.

I can obtain a token with the user information, however only if I change the grant_type to password and specify a username and password. This gives me a delegated token with a refresh token and it contains the user information I require, but this won't be possible based on the requirements.

Is there another way to obtain the user information from the token without changing the grant type to password?

Token Request using Ajax Request

// Token request using the client_credentials grant (app-only).
// NOTE: this runs in the browser, so client_secret is exposed to every
// user of the page. An app-only token also carries no user claims, which
// is why family_name, given_name and name are absent when it is decoded.
var form = new FormData();
form.append("grant_type", "client_credentials");
form.append("client_id", "xxxxx-xxxxx-xxxx-xxxxxx");
form.append("client_secret", "xxxxxxxxxx");
// "scope" is the parameter name of the v2 endpoint (/oauth2/v2.0/token);
// the v1 /oauth2/token endpoint used below documents "resource" instead.
form.append("scope", "https://graph.microsoft.com/.default");

var settings = {
  "async": true,
  "crossDomain": true,
  // cors-anywhere proxy in front of the tenant's v1 token endpoint
  "url": "https://cors-anywhere.herokuapp.com/https://login.microsoftonline.com/xxxxxxxxxxx/oauth2/token",
  "method": "POST",
  "headers": {
    "cache-control": "no-cache",
    // leftover from Postman's code export; not required by the endpoint
    "postman-token": "4b326d42-a15d-c1ef-e2d3-2fb7f690b2ac"
  },
  "processData": false,
  "contentType": false,
  "mimeType": "multipart/form-data",
  "data": form
};

$.ajax(settings).done(function (response) {
  console.log(response);
});

Bearer Token Result

eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImllX3FXQ1hoWHh0MXpJRXN1NGM3YWNRVkduNCIsImtpZCI6ImllX3FXQ1hoWHh0MXpJRXN1NGM3YWNRVkduNCJ9.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.nbRKMflEF7582CVhyyUDPV1KfwyjY1uMG9w5jRLGUkg_bkEiqqvjudT6X4s32szdSAYdwddXUmrWCoqPm5hkbPA4eOqDrYk_y-mvNZwrmr2ZdrpqH4ma_w39kuCIcq7_vRgKfpZ3r3i-c21Ilpgr92qI25WWqDOFgKVO1Pd4YVRqy9caZ7DVeiIp26BAqAFHwuLEEbhXakOqUXfh49LShzTwpzl-8UaIQBzyoiFUWksA2OdM1cTaf-LSTYjwKXu5IN7rJ7z6xkC3YSLmctOPP2a1Y3PpYAlGbKmSdde5do4rIckiFRcwoUsqGGFOkzuyHUwU0na26-DLDLEB8DJ1og

I am not too sure if the aud is correct.

Decoded JWT


Solution

  • I did some research and came across this solution, which requires you to do these steps in order to achieve the required information. Basically, there is a code returned from the authorization (login) response that is used to obtain the token.

    This token will contain the user information and is then used to access the Microsoft Graph API and get the user information. See Use the access token to call Microsoft Graph.