如何处理 B2C 自定义策略中的 REST API 错误?
[英]How to handle REST API error in a B2C custom policy?
问题描述
Problem description
问题描述
I want to check if a user is a member of a particular group inside of my B2C custom policy.我想检查用户是否是我的 B2C 自定义策略中特定组的成员。
Solutions I have tried我尝试过的解决方案
I am using MS Graph API to check this.我正在使用 MS Graph API 来检查这一点。 I have tried to check with the following APIs我尝试检查以下 API
GET https://graph.microsoft.com/v1.0/groups/{groupObjectId}/members/{userObjectId}
This works well for positive cases (when a user is in the group), but when the user is not in the group, it returns a 404 status code, which is impossible to handle with a custom policy.这适用于肯定的情况(当用户在组中时),但当用户不在组中时,它会返回404状态代码,这是无法使用自定义策略处理的。
POST https://graph.microsoft.com/v1.0/users/{userObjectId}/checkMemberObjects
{
"ids": [
"groupObjectId"
]
}
This API returns a 200 status code in any case, and I can handle the response, but the userObjectId is dynamic, and I have to set SendClaimsIn to Url so that I cannot pass request body and send a POST request.这个 API 在任何情况下都会返回200状态码,我可以处理响应,但是userObjectId是动态的,我必须将SendClaimsIn设置为Url以便我无法传递请求正文并发送POST请求。
I have also tried to check the same thing with reversed API where the groupObjectId will be static and will not force me to use <Item Key="SendClaimsIn">Url</Item> .我还尝试使用反向 API 检查相同的事情,其中groupObjectId将为 static 并且不会强迫我使用<Item Key="SendClaimsIn">Url</Item> 。
POST https://graph.microsoft.com/v1.0/groups/{groupObjectId}/checkMemberObjects
{
"ids": [
"userObjectId"
]
}
But this returns 400 Bad Request with the following message但这会返回400 Bad Request 并显示以下消息
{
"error": {
"code": "Request_BadRequest",
"message": "The object class referenced by given parameters is not valid for member link.",
"innerError": {
"date": "2022-09-08T13:13:11",
"request-id": "71ab6e9f-059f-4b9c-b40b-69671f7a3f31",
"client-request-id": "71ab6e9f-059f-4b9c-b40b-69671f7a3f31"
}
}
}
The question问题
An answer to any of the following questions will be counted as an answer and appreciated.对以下任何问题的回答将被视为答案并受到赞赏。
- Is there a way to handle
404status codes in custom policies?有没有办法处理自定义策略中的404状态代码? ( A likely question was answered in 2019, maybe it is possible now.)( 一个可能的问题在 2019 年得到了回答,也许现在有可能。) - How to make the third API work?如何使第三个 API 工作?
- What would you recommend for checking a user's group membership using B2C custom policies?对于使用 B2C 自定义策略检查用户的组成员资格,您有什么建议?
Additional information附加信息
Currently, I am checking this based on this sample , but this is a bad solution as a user can be a member of many groups (including the needed one), but we are checking only with first three groups.目前,我正在根据这个示例进行检查,但这是一个糟糕的解决方案,因为用户可以是许多组的成员(包括所需的组),但我们只检查前三个组。
1 个解决方案
解决方案1
0 2022-09-09 07:12:50
You could use query parameters to customize responses .您可以使用查询参数来自定义响应。
GET https://graph.microsoft.com/v1.0/groups/{groupObjectId}/members$filter=id eq '{userObjectId}'
Then check if @odata.count equals one and if so, the user with that particular userObjectId exists in that group.然后检查@odata.count等于 1,如果是,则具有该特定userObjectId的用户存在于该组中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.