I am implementing Azure OAuth2 authentication in Oracle APEX. The authentication process works correctly, and I can successfully obtain the access token. I can display the user’s email address using the name field. However, I am facing issues retrieving other user attributes, specifically given_name and group memberships.
I am using the /userinfo endpoint from the Microsoft Graph API to fetch these details. Despite including the necessary scopes (openid, email, profile, user.read, etc.) in the authorization request, the response only provides the email address and does not include other expected attributes such as given_name or group memberships.
What I’ve Tried:
Ensured the authorization request includes all necessary scopes.
Verified the access token is correctly obtained and used for subsequent API requests.
Issue:
The response from the /userinfo endpoint does not include additional user attributes beyond the email address.
Question:
How can I configure the Azure OAuth2 provider or the request to retrieve comprehensive user details, such as given_name and, in the future, group memberships defined in Azure?
Any guidance or examples from those who have successfully retrieved these details in a similar setup would be highly appreciated!
What I Tried:
Implemented Azure OAuth2 Authentication:
Successfully set up the authentication flow in Oracle APEX.
Obtained an access token from Azure after user authentication.
API Request to /userinfo:
Made a request to the /userinfo endpoint of the Microsoft Graph API using the access token.
Included scopes like openid, email, profile, user.read to ensure access to user information.
Attempted to Retrieve User Information:
Successfully retrieved and displayed the user’s email address using the name field.
Tried Changing the Username Attribute:
Attempted to set given_name instead of email for the username field in the authentication setup.
What I Expected:
I expected to receive a more comprehensive set of user attributes in the response, specifically:
given_name: The user’s first name.
Additional user profile details beyond the email address, such as family_name and preferred_username.
Future Expectation:
Ability to fetch group memberships or roles associated with the user as defined in Azure AD.
Issue Encountered:
When changing the username attribute to given_name, I encountered an ACL error, preventing access to the desired user information. This indicates a potential permissions issue or a misconfiguration in the API call setup.