Azure AD Enterprise connection profile picture

Hi there, I’m currently seeking to reference a user’s profile picture when they log in via an Azure AD enterprise connection.

I’ve got extended profile enabled, and the profile is being accessed correctly, with the exception of the profile picture, which is always being returned as a gravatar link.

Based on some research, I’ve come across the following link

This all makes sense, however in my login action, I don’t have access to an access token (event.user.identities[0].access_token). I’m guessing this might be because I’m using MS Identity Platform v2.

Could someone advise what the best way forward is here?

Thanks in advance.

Hi @Curiious!
I did a quick search over Azure AD’s documentation and things seem to be in the same state as when I wrote the article 5 years ago: Azure AD doesn’t provide the standard picture claim with a URL in the ID Token (or even in the profile endpoint), as other identity providers do, so Auth0 falls back to the gravatar picture.
You guess correctly that the MS Identity Platform v2 implementation for Azure AD connections does not store the AAD access token for you to use. So if you really need the picture, the only option is to go back to the “Azure Active Directory (v1)” strategy and fetch the picture in a rule as I described in the linked article.

3 Likes

Ok, thanks for the clarification!

1 Like

Thanks for helping on this one Nico!

Hi Folks, just jumping back in here before this closes.

I’ve changed the integration back to Azure Active Directory (v1) but the token is still not exposed. In @nicolas_sabena’s example, he’s using a rule to access the access_token. Our implementation is an action. Is it possible to do this via an action? It looks like actions are the focus of development going forward, and I would prefer to not revert to a rule if possible.