Azure Active Directory Microsoft OpenID sign-in flow picture access


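I have an MVC application that uses the preview 2.0 endpoint. I'm a little disappointed that the profile image is not a default object. That said, I'm having some problems trying to figure out how to properly get the profile picture using the endpoint.

Any ideas?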

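Azure AD's OpenID Connect currently does not support getting the user profile picture you mentioned.

However, if you are only using Azure AD accounts, we can get the user profile picture separately using Microsoft Graph. To call this REST API, we can grant the User.Read scope to the application. Here is the code for your reference: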

 app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                // The `Authority` represents the v2.0 endpoint - https://login.microsoftonline.com/common/v2.0
                // The `Scope` describes the initial permissions that your app will need.  See https://azure.microsoft.com/documentation/articles/active-directory-v2-scopes/                    
                ClientId = clientId,
                Authority = String.Format(CultureInfo.InvariantCulture, aadInstance, "common", "/v2.0"),
                RedirectUri = redirectUri,                    
                Scope = "openid email profile offline_access Mail.Read User.Read",
                PostLogoutRedirectUri = redirectUri,
                TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = false,
                    // In a real application you would use IssuerValidator for additional checks, like making sure the user's organization has signed up for your app.
                    //     IssuerValidator = (issuer, token, tvp) =>
                    //     {
                    //        //if(MyCustomTenantValidation(issuer)) 
                    //        return issuer;
                    //        //else
                    //        //    throw new SecurityTokenInvalidIssuerException("Invalid issuer");
                    //    },
                },
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    // If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
                    AuthorizationCodeReceived = async (context) =>
                    {
                        var code = context.Code;
                        string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
                        ConfidentialClientApplication cca = new ConfidentialClientApplication(clientId, redirectUri,
                           new ClientCredential(appKey), 
                           new MSALSessionCache(signedInUserID, context.OwinContext.Environment["System.Web.HttpContextBase"] as HttpContextBase));
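                        // Each scope is its own array element.
                        string[] scopes = { "Mail.Read", "User.Read" };
                        try
                        {
                            AuthenticationResult result = await cca.AcquireTokenByAuthorizationCodeAsync(scopes, code);
                        }
                        catch (Exception)
                        {
                            // Do not silently swallow a failed code redemption; rethrow so the failure surfaces.
                            throw;
                        }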
                    },
                    AuthenticationFailed = (notification) =>
                    {
                        notification.HandleResponse();
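                        // URL-encode the message so it cannot inject extra query parameters into the redirect.
                        notification.Response.Redirect("/Error?message=" + Uri.EscapeDataString(notification.Exception.Message));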
                        return Task.FromResult(0);
                    }
                }
            });
Then we can get the Azure AD user's profile picture with a request like the following:

Get: https://graph.microsoft.com/v1.0/me/photo/$value
authorization: bearer {token}

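Based on testing, Microsoft Graph currently does not support getting the profile picture for Microsoft accounts. You can submit feedback if you would like it to support Microsoft accounts as well.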

Which flow are you referring to? OIDC, OAuth? Generally, Graph is used to get additional information.
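The Graph photo request from the answer, as an added C# example that is not part of the original posts: it sends the access token as a bearer header and treats the response as untrusted before the app serves it. The class names, the 4 MB cap and the null-on-404 convention are assumptions made for this sketch.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;

public sealed class ProfilePhoto   // hypothetical result type
{
    public byte[] Bytes { get; set; }
    public string ContentType { get; set; }
}

public static class GraphPhotoClient   // hypothetical helper, not a Graph SDK class
{
    // Endpoint quoted in the answer above.
    private const string PhotoUrl = "https://graph.microsoft.com/v1.0/me/photo/$value";
    private const int MaxPhotoBytes = 4 * 1024 * 1024; // assumed cap
    private static readonly HttpClient Http = new HttpClient();

    // Returns null when Graph has no photo for the signed-in user.
    public static async Task<ProfilePhoto> GetMyPhotoAsync(string accessToken)
    {
        if (string.IsNullOrEmpty(accessToken))
            throw new ArgumentException("Access token is required.", nameof(accessToken));

        using (var request = new HttpRequestMessage(HttpMethod.Get, PhotoUrl))
        {
            // The token travels in the Authorization header only, never in a URL or a log line.
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
            using (var response = await Http.SendAsync(request, HttpCompletionOption.ResponseHeadersRead))
            {
                if (response.StatusCode == HttpStatusCode.NotFound)
                    return null; // no photo available for this account
                response.EnsureSuccessStatusCode(); // throws on 401/403 and other failures

                string mediaType = response.Content.Headers.ContentType?.MediaType;
                long? length = response.Content.Headers.ContentLength;
                if (mediaType == null || !mediaType.StartsWith("image/", StringComparison.OrdinalIgnoreCase))
                    throw new InvalidOperationException("Unexpected content type from Graph.");
                if (length.HasValue && length.Value > MaxPhotoBytes)
                    throw new InvalidOperationException("Photo exceeds the size cap.");
                byte[] bytes = await response.Content.ReadAsByteArrayAsync();
                if (bytes.Length > MaxPhotoBytes)
                    throw new InvalidOperationException("Photo exceeds the size cap.");
                return new ProfilePhoto { Bytes = bytes, ContentType = mediaType };
            }
        }
    }
}
```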