[英]Azure Active Directory B2C: How to query MS Graph to get a user's alternative security ID?
B2C uses an alternative security ID to uniquely identify users from social accounts. B2C 使用备用安全 ID 来唯一标识来自社交帐户的用户。 We have a problem where a user enters credentials for a user, but somehow B2C authenticates the user as someone else.我们遇到一个问题,用户输入用户的凭据,但 B2C 以某种方式将用户身份验证为其他人。 I suspect the IDP is returning bad claims data or the alternative security IDs are the same.我怀疑 IDP 正在返回错误的声明数据或替代安全 ID 相同。 How do I view the alternative security ID of a user in Active Directory?如何在 Active Directory 中查看用户的备用安全 ID?
I tried the following MS Graph query trying all the attributes I can think of (including the ones listed in this article ), but graph doesn't return data for these attributes.我尝试了以下 MS Graph 查询,尝试了我能想到的所有属性(包括本文中列出的属性),但图形不返回这些属性的数据。
https://graph.microsoft.com/v1.0/users/<userId>?$select=id,alternativeSecurityId,alternativeSecurityIds,extension_<b2cExtensionAppId>_alternativeSecurityId,extension_<b2cExtensionAppId>_alternativeSecurityIds
Thanks in advance!提前致谢!
AlternativeSecurityId for a B2C user is found in the Identities collection via MS Graph API. B2C 用户的 AlternativeSecurityId 可通过 MS Graph API 在身份集合中找到。
The AlternativeSecurityId claim used in the B2C policy maps to the Identities: issuerAssignedId value for the corresponding issuer. B2C 策略中使用的 AlternativeSecurityId 声明映射到 Identities: issuerAssignedId 相应发行者的值。
Eg, for issuerAssignedId: 123 (id from google token) from issuer: google.com例如,对于 issuerAssignedId:123(来自 google 令牌的 id)来自 issuer:google.com
"identities": [
{
"signInType": "federated",
"issuer": "google.com",
"issuerAssignedId": "123"
}
],
You can return the identities collection by calling the /users endpoint of MS Graph API. https://learn.microsoft.com/en-us/graph/api/user-list?view=graph-rest-1.0&tabs=http您可以通过调用 MS Graph API 的 /users 端点返回身份集合。 https://learn.microsoft.com/en-us/graph/api/user-list?view=graph-rest-1.0&tabs=http
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.