How to handle REST API error in a B2C custom policy?
I want to check if a user is a member of a particular group inside of my B2C custom policy. I am using MS Graph API to check this. I have tried to check with the following APIs
GET https://graph.microsoft.com/v1.0/groups/{groupObjectId}/members/{userObjectId}
This works well for positive cases (when a user is in the group), but when the user is not in the group, it returns a 404 status code, which is impossible to handle with a custom policy.
POST https://graph.microsoft.com/v1.0/users/{userObjectId}/checkMemberObjects
{
  "ids": [
    "groupObjectId"
  ]
}
This API returns a 200 status code in any case, and I can handle the response, but the userObjectId is dynamic, and I have to set SendClaimsIn to Url so that I cannot pass request body and send a POST request.
I have also tried to check the same thing with reversed API where the groupObjectId will be static and will not force me to use <Item Key="SendClaimsIn">Url</Item>.
POST https://graph.microsoft.com/v1.0/groups/{groupObjectId}/checkMemberObjects
{
  "ids": [
    "userObjectId"
  ]
}
But this returns 400 Bad Request with the following message
{
  "error": {
    "code": "Request_BadRequest",
    "message": "The object class referenced by given parameters is not valid for member link.",
    "innerError": {
      "date": "2022-09-08T13:13:11",
      "request-id": "71ab6e9f-059f-4b9c-b40b-69671f7a3f31",
      "client-request-id": "71ab6e9f-059f-4b9c-b40b-69671f7a3f31"
    }
  }
}
An answer to any of the following questions will be counted as an answer and appreciated.
404 status codes in custom policies? (A likely question was answered in 2019, maybe it is possible now.)
Currently, I am checking this based on this sample, but this is a bad solution as a user can be a member of many groups (including the needed one), but we are checking only with first three groups.
You could use query parameters to customize responses.
GET https://graph.microsoft.com/v1.0/groups/{groupObjectId}/members?$filter=id eq '{userObjectId}'
Then check if @odata.count equals one and if so, the user with that particular userObjectId exists in that group.
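An added example, not part of the original answer: a Python sketch of the filtered-members check used as an authorization decision. It validates both ids as GUIDs before placing them in the URL and treats every unexpected response as "not a member". The function names, ids and response bodies are constructed, and it assumes a non-matching filter returns 200 with an empty value array and that @odata.count may be absent from the response.

```python
import json
import uuid
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"

# Constructed sample ids and response bodies (not taken from a real tenant).
GROUP = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
USER = "11111111-2222-3333-4444-555555555555"
MEMBER_RESPONSE = json.dumps({"@odata.count": 1, "value": [{"id": USER}]})
NOT_MEMBER_RESPONSE = json.dumps({"value": []})


def _guid(value):
    """Return the canonical GUID string, or raise ValueError for anything else."""
    return str(uuid.UUID(value))


def members_filter_url(group_id, user_id):
    """Build the filtered members query. Both ids must parse as GUIDs, so a
    caller-supplied value cannot alter the path or the $filter expression."""
    flt = f"id eq '{_guid(user_id)}'"
    return f"{GRAPH}/groups/{_guid(group_id)}/members?$filter={quote(flt)}"


def is_member(status, body_text, user_id):
    """Interpret the response to the filtered query. Fails closed: any status
    other than 200, or a body that does not parse as expected, is False."""
    if status != 200:
        return False
    try:
        body = json.loads(body_text)
        entries = body["value"]
        wanted = _guid(user_id)
        hits = [e for e in entries if str(e.get("id", "")).lower() == wanted]
        # Use @odata.count when the service returned it, else count the entries.
        count = body.get("@odata.count", len(entries))
    except (ValueError, KeyError, TypeError, AttributeError):
        return False
    # Require exactly one result and require it to be the user that was asked about.
    return count == 1 and len(hits) == 1


if __name__ == "__main__":
    print(members_filter_url(GROUP, USER))
    print(is_member(200, MEMBER_RESPONSE, USER))
    print(is_member(200, NOT_MEMBER_RESPONSE, USER))
```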