Fetch profile image from Azure Active Directory with Next-Auth authentication
I am able to fetch below details from Azure AD provider while using Next-Auth, but unable to fetch profile picture.
{
ver: '2.0',
iss: 'https://login.microsoftonline.com/xxxxxxxx-0000-xxxx-xxxx-xxxxxxxxxx/v2.0',
sub: 'xxxxxxxxxxxxxxx',
aud: 'xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx',
exp: 0000000000,
iat: 0000000000,
nbf: 0000000000,
name: 'Dibyendu Saha',
preferred_username: '[email protected]',
oid: '00000000-0000-0000-000-0000000000000',
email: '[email protected]',
tid: 'xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx',
aio: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
}
I also want to fetch first name and surname also in addition to profile picture.
I have checked the documentation from 'https://next-auth.js.org/providers/azure-ad'. I have checked the note as well:
Azure AD returns the profile picture in an ArrayBuffer, instead of just a URL to the image, so our provider converts it to a base64 encoded image string and returns that instead. See: https://docs.microsoft.com/en-us/graph/api/profilephoto-get?view=graph-rest-1.0#examples. The default image size is 48x48 to avoid running out of space in case the session is saved as a JWT.
Next Auth Provider code as below:
AzureADProvider({
clientId: process.env.AZURE_AD_CLIENT_ID as string,
clientSecret: process.env.AZURE_AD_CLIENT_SECRET as string,
profile: (profile: AzureADProfile) => {
console.log(profile);
return {
id: profile.sub,
name: profile.name,
email: profile.email,
image: profile.picture,
firstName: profile.name,
lastName: profile.name
};
},
}),
I created an Azure AD Application and generated tokens via Postman by using below parameters:
https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
client_id:ClientID
scope:https://graph.microsoft.com/.default openid offline_access
code:code
redirect_uri:https://jwt.ms
grant_type:authorization_code
client_secret:ClientSecret
When I decoded the access token, there is no profile picture details displayed:
Note that: To fetch the user's profile picture you need to call Microsoft Graph API. You cannot get user's profile image from Azure AD tokens.
To fetch the User's profile picture, grant User.Read.All API permission:
And generate the access token for Microsoft Graph API like below:
Pass scope as https://graph.microsoft.com/.default
Using the above access token, you can fetch the signed in user's Profile picture by using below query:
GET https://graph.microsoft.com/v1.0/me/photo/$value
If you want to pass UserID make use of below query:
https://graph.microsoft.com/v1.0/users/UserID/photo/$value
To do the same in nextauth.js use the below sample code:
providers: [
AzureADProvider({
clientId: process.env.AZURE_AD_CLIENT_ID,
clientSecret: process.env.AZURE_AD_CLIENT_SECRET,
tenantId: process.env.AZURE_AD_TENANT_ID,
authorization: { params: { scope: "User.Read.All openid offline_access" } },
}),
],
async profile(profile, tokens) {
const profilePicture = await fetch(
`https://graph.microsoft.com/v1.0/me/photos/${profilePhotoSize}x${profilePhotoSize}/$value`,
{
headers: {
Authorization: `Bearer ${tokens.access_token}`,
},
}
)
if (profilePicture.ok) {
const pictureBuffer = await profilePicture.arrayBuffer()
const pictureBase64 = Buffer.from(pictureBuffer).toString("base64")
return {
id: profile.sub,
name: profile.name,
email: profile.email,
image: `data:image/jpeg;base64, ${pictureBase64}`,
}
} else {
return {
id: profile.sub,
name: profile.name,
email: profile.email,
}
}
}
References:
Get profilePhoto - Microsoft Graph v1.0
Azure AD Provider - Profile image doesn't work · Issue #5376 · nextauthjs/next-auth · GitHub by drewgillen
- Invalid operands found for operator -eq
- Adding custom headers to Azure Functions response
- Azure Queue Trigger is hit but not executing the logic inside of it
- az cli not showing redisenterprise keys
- Enforce MFA for specific API called from SPFx via AADTokenProvider (Even with SPO MFA)
- Azure Devops Server Pipelines: Any way to have a Stage result as "Succeeded" even if a constituent Job reported "SucceededWithIssues"?
- YAML strings including special characters % and & were not printed correctly for Windows environment
- Azure function returns error: No job functions found. Try making your job classes and methods public
- How to view Oldest Query results in Azure Monitor Metrics for an Azure PostgreSQL Flex Server instance
- Authenticate to Azure with certificate from Linux
- What are the minimum Azure permissions required to publish a Power BI report using "App Owns the Data"?
- Refresh an Azure search index
- Best way to clean up resources in StatefulService
- Azure Function App - No continuous deployment setting for "Flex Consumption" hosting plan?
- Query Azure SQL Database using Rest-API
- How to create a feature burndown chart in Azure DevOps?
- Why is this "call is ambiguous between the following methods or properties" when calling ValidateOnStart?
- How to write a Bicep API Connection formrecognizer with api key
- Where can I find docker container logs for Azure App Service
- will looping GetBlobsAsync() but doing nothing in the loop body read the contents of the blob
- Connect to OneDrive using Python (msal) and client secret
- How to debug ServiceBus-triggered Azure Function locally?
- Does Azure Cognitive Services support (detect and compare) Handwritten Signatures and Stamps from two images?
- Modify ARM-Template for quick deployment
- Does anyone have implemented auxiliary logs deployment in sentinel?
- Get request headers in azure functions NodeJs Http Trigger
- Filter specific items that are alone in an array of Collection String in Azure Search
- Trouble obtaining access token for managed identity with application role
- Azure Autoscaling Duration Time and Cool Down Time
- Partition Key for Cosmos DB