截至今天,文档建议使用 Microsoft Graph 而不是 Azure AD Graph API 来访问 Azure AD/B2C 资源.
以前,使用 Azure AD Graph API,我们可以使用类似的查询
以上内容适用于内置策略.
As of today the documentation recommends to use Microsoft Graph instead of Azure AD Graph API to access Azure AD / B2C resources.
Before, with Azure AD Graph API, we could use queries like https://graph.windows.net/[tenant]/users/1a2a9c4d-fc59-4fd9-ad14-b72b549cdf6a?api-version=2013-11-08
and the response included Azure B2C custom attributes (created on Azure portal)
{
"odata.metadata": "https://graph.windows.net/<tenant>/$metadata#directoryObjects/Microsoft.DirectoryServices.User",
"value": [
{
"objectId": "00000eab-603a-4de2-9d25-d3821e7d6583",
...
"extension_3a4189d71ad149c6ab5e65ac45bd6add_MyAttribute1": "something"
}
]
}
This does not happen with the Graph API, only some "basic" attributes are returned https://graph.microsoft.com/v1.0/users/00000eab-603a-4de2-9d25-d3821e7d6583
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"id": "00000eab-603a-4de2-9d25-d3821e7d6583",
...
}
Also tried to explicitly select the property but the extension value is not returned
...graph.microsoft.com/v1.0/users/00000eab-603a-4de2-9d25-d3821e7d6583/?$select=id,extension_3a4189d71ad149c6ab5e65ac45bd6add_MyAttribute1
How can we read Azure B2C custom attributes with Graph API?
解决方案Custom attributes are returned:
Request
GET https://graph.windows.net/mytenant.onmicrosoft.com/users/8b2ceb5d-4f45-4e42-b979-419119df4eaf?api-version=1.6
Response
{
"odata.type": "Microsoft.DirectoryServices.User",
"objectType": "User",
"objectId": "8b2ceb5d-4f45-4e42-b979-419119df4eaf",
...
"userType": "Member",
"extension_5c5668a4ddb44c27b0d55cb412c41787_loyaltyId": "some value from the demo"
}
Source: this is from the sample app: B2C-GraphAPI-DotNet
Lookup Extension Guid via the Azure Portal
The above is for builtin in policies.