Look up user in AAD based on AADB2C attribute value
If I have a user in Azure AD B2C that was created based on an Azure AD (enterprise) identity (as described here: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-aad-custom ), is there an attribute stored in AADB2C that will allow me to look up (using Graph API or similar) the user object in AAD? I see that among the AADB2C attributes there is userPrincipalName and issuerUserId but it's not obvious to me if either of these match any value stored in AAD.
Thanks!
Martin
For an external account, the external issuer (i.e., Azure AD) and the external user identifier (i.e., the object identifier of the Azure AD user) are written to the "userIdentities" property of the user object in the Azure AD B2C directory, where the "issuerUserId" property contains the Base64-encoding of the external user identifier:
    {
      "userIdentities": [
        {
          "issuer": "contoso.com",
          "issuerUserId": "Mjk2NzdlNTAtY2MwZS00MmU5LWJhNWMtZjFmMDdkZTUwMDhm"
        }
      ]
    }
To find the user object by the external account, you can invoke the following Graph API operation, where the "x/issuerUserId" value is set to the hexadecimal-encoding of the external user identifier:
GET https://graph.windows.net/myorganization/users?$filter=userIdentities/any(x:x/issuer eq 'contoso.com' and x/issuerUserId eq X'32393637376535302d636330652d343265392d626135632d663166303764653530303866')
Update:
The issuerUserId from the external identity provider should be treated as a string and not a decimal. In the above example, when you Base64-decode "Mjk2NzdlNTAtY2MwZS00MmU5LWJhNWMtZjFmMDdkZTUwMDhm", it returns a GUID 29677e50-cc0e-42e9-ba5c-f1f07de5008f. In the case of Facebook, the issuerUserId will be a number, but it should still be treated as a string.
The next step will be to use a string-to-hexadecimal converter and then use that value in the query.
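The conversion chain described in the answer above (Base64 issuerUserId, to identifier string, to hexadecimal filter literal), as an added Python example that is not part of the original answer. The function names are hypothetical, and the numeric Facebook-style ID is a constructed sample value.

```python
import base64
import binascii

GRAPH_USERS = "https://graph.windows.net/myorganization/users"  # endpoint as shown in the answer


def decode_issuer_user_id(stored: str) -> str:
    """Base64-decode the issuerUserId stored in B2C into the IdP's identifier string."""
    try:
        raw = base64.b64decode(stored, validate=True)  # reject non-Base64 input outright
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"issuerUserId is not valid Base64: {stored!r}") from exc
    return raw.decode("utf-8")


def hex_literal(identifier: str) -> str:
    """Treat the identifier as a string (never as a number) and hex-encode its bytes."""
    return "X'" + identifier.encode("utf-8").hex() + "'"


def build_filter(issuer: str, identifier: str) -> str:
    """Build the $filter expression that finds a B2C user by external identity."""
    safe_issuer = issuer.replace("'", "''")  # OData escapes a single quote by doubling it
    return (
        f"userIdentities/any(x:x/issuer eq '{safe_issuer}' "
        f"and x/issuerUserId eq {hex_literal(identifier)})"
    )


def build_query_url(issuer: str, identifier: str) -> str:
    """Full GET URL in the same (unencoded) form the answer shows."""
    return f"{GRAPH_USERS}?$filter={build_filter(issuer, identifier)}"


if __name__ == "__main__":
    stored = "Mjk2NzdlNTAtY2MwZS00MmU5LWJhNWMtZjFmMDdkZTUwMDhm"  # value from the answer
    object_id = decode_issuer_user_id(stored)
    print(object_id)
    print(build_query_url("contoso.com", object_id))
    print(hex_literal("1234567890"))  # constructed numeric ID, still encoded as a string
```

The decoded string is the Azure AD object identifier, so it can be used directly to look up the user in the enterprise directory; the hex literal is only needed when querying the B2C directory by external identity.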