profile
Allows the app to see your users' basic profile (e.g., name, picture, user name, email address)
profile is an OpenID Connect (OIDC) scope.
You can use the OIDC scopes to specify artifacts that you want returned in Azure AD authorization and token requests. They are supported differently by the Azure AD v1.0 and v2.0 endpoints.
With the Azure AD v1.0 endpoint, only the openid scope is used. You specify it in the scope parameter in an authorization request to return an ID token when you use the OpenID Connect protocol to sign in a user to your app. For more information, see Authorize access to web applications using OpenID Connect and Azure Active Directory. To successfully return an ID token, you must also make sure that the User.Read permission is configured when you register your app.
With the Azure AD v2.0 endpoint, you specify the offline_access scope in the scope parameter to explicitly request a refresh token when using the OAuth 2.0 or OpenID Connect protocols. With OpenID Connect, you specify the openid scope to request an ID token. You can also specify the email scope, profile scope, or both to return additional claims in the ID token. You do not need to specify the User.Read permission to return an ID token with the v2.0 endpoint. For more information, see OpenID Connect scopes.
The Microsoft Authentication Library (MSAL) currently specifies offline_access, openid, profile, and email by default in authorization and token requests. This means that, for the default case, if you specify these scopes explicitly, Azure AD may return an error.
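The scope handling described above, as an added example (not code from this page or from MSAL): a hand-built v2.0 authorization request lists the OIDC scopes explicitly, while a list meant for MSAL has them removed first. The function names and the tenant, client ID and redirect URI values are hypothetical placeholders, and the v2.0 authorize endpoint path is assumed from the Microsoft identity platform rather than taken from this page.

```python
import secrets
from urllib.parse import urlencode

# The four OIDC scopes this page names; MSAL adds them by default.
OIDC_SCOPES = ("openid", "profile", "email", "offline_access")
AUTHORITY = "https://login.microsoftonline.com"  # assumed v2.0 authority host


def split_scopes(requested):
    """Split a scope list into (OIDC scopes, resource permissions)."""
    oidc, resource = [], []
    for scope in requested:
        name = scope.lower()
        if name in OIDC_SCOPES:
            if name not in oidc:
                oidc.append(name)
        elif scope not in resource:
            resource.append(scope)
    return oidc, resource


def scopes_for_msal(requested):
    """Drop the OIDC scopes before handing a list to MSAL, which already
    sends them; specifying them explicitly may make Azure AD return an error."""
    return split_scopes(requested)[1]


def build_v2_authorize_url(tenant, client_id, redirect_uri, requested):
    """Hand-built v2.0 authorization request: scopes are listed explicitly."""
    oidc, resource = split_scopes(requested)
    # profile and email only add claims to the ID token, and the ID token
    # is only requested when openid is present.
    if ("profile" in oidc or "email" in oidc) and "openid" not in oidc:
        raise ValueError("profile/email require the openid scope")
    state = secrets.token_urlsafe(16)  # compare on the callback before use
    nonce = secrets.token_urlsafe(16)  # compare with the ID token's nonce claim
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": " ".join(oidc + resource),
        "state": state,
        "nonce": nonce,
    }
    url = f"{AUTHORITY}/{tenant}/oauth2/v2.0/authorize?{urlencode(params)}"
    return url, state, nonce
```

Keep the returned state and nonce in the user's session so the callback handler can reject responses that do not carry them.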
Category | Application | Delegated |
---|---|---|
Identifier | - | 14dad69e-099b-42c9-810b-d002981feec1 |
DisplayText | - | View users' basic profile |
Description | - | Allows the app to see your users' basic profile (e.g., name, picture, user name, email address) |
AdminConsentRequired | Yes | No |
Graph Methods
Note
This permission does not have any graph methods published.