
How to handle REST API error in a B2C custom policy?

Problem description

I want to check if a user is a member of a particular group inside of my B2C custom policy.

Solutions I have tried

I am using MS Graph API to check this. I have tried to check with the following APIs

GET https://graph.microsoft.com/v1.0/groups/{groupObjectId}/members/{userObjectId}

This works well for positive cases (when a user is in the group), but when the user is not in the group, it returns a 404 status code, which is impossible to handle with a custom policy.

POST https://graph.microsoft.com/v1.0/users/{userObjectId}/checkMemberObjects

{
    "ids": [
        "groupObjectId"
    ]
}

This API returns a 200 status code in any case, and I can handle the response, but the userObjectId is dynamic, and I have to set SendClaimsIn to Url, which means I cannot pass a request body or send a POST request.

I have also tried to check the same thing with the reversed API, where the groupObjectId will be static and will not force me to use <Item Key="SendClaimsIn">Url</Item>.

POST https://graph.microsoft.com/v1.0/groups/{groupObjectId}/checkMemberObjects

{
    "ids": [
        "userObjectId"
    ]
}

But this returns 400 Bad Request with the following message:

{
    "error": {
        "code": "Request_BadRequest",
        "message": "The object class referenced by given parameters is not valid for member link.",
        "innerError": {
            "date": "2022-09-08T13:13:11",
            "request-id": "71ab6e9f-059f-4b9c-b40b-69671f7a3f31",
            "client-request-id": "71ab6e9f-059f-4b9c-b40b-69671f7a3f31"
        }
    }
}

The question

An answer to any of the following questions will be counted as an answer and appreciated.

  1. Is there a way to handle 404 status codes in custom policies? (A likely question was answered in 2019; maybe it is possible now.)
  2. How to make the third API work?
  3. What would you recommend for checking a user's group membership using B2C custom policies?

Additional information

Currently, I am checking this based on this sample, but this is a bad solution, as a user can be a member of many groups (including the needed one), but we are checking only the first three groups.

You could use query parameters to customize responses.

GET https://graph.microsoft.com/v1.0/groups/{groupObjectId}/members?$filter=id eq '{userObjectId}'

Then check if @odata.count equals one and if so, the user with that particular userObjectId exists in that group.
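The following is an added example, not code from the question or the answer: it builds the filtered /members URL from the answer and turns each of the three Graph response shapes discussed in this thread (the 404 from /members/{userObjectId}, the 200 body of checkMemberObjects, and the filtered list with @odata.count) into a yes/no membership decision, offline. It assumes two things the thread does not spell out: Graph only returns @odata.count for this directory query when $count=true is in the URL and the request carries the ConsistencyLevel: eventual header, and, because userObjectId is a dynamic claim, the id is validated as a GUID before it is interpolated into the $filter. All ids and response bodies below are constructed samples.

```python
"""Interpret Microsoft Graph group-membership responses for a B2C policy check.

Added example, not from the original question or answer. Sample ids and
bodies are constructed; their shape follows the thread, the values are made up.
"""
import uuid

GRAPH = "https://graph.microsoft.com/v1.0"


class GraphError(Exception):
    """A status or body the caller must not silently read as 'not a member'."""


def _guid(value: str) -> str:
    """Validate a directory id before it goes into a URL or $filter.

    userObjectId is a dynamic claim, so only a well-formed GUID is accepted;
    anything else (e.g. "x' or id ne 'x") raises ValueError and never
    reaches Graph. The normalized lowercase form is returned for comparisons.
    """
    return str(uuid.UUID(str(value)))


def members_filter_url(group_id: str, user_id: str) -> str:
    """GET URL for the answer's query: is user_id among the group's members?

    $count=true (assumption: together with the ConsistencyLevel: eventual
    header) is what makes Graph include @odata.count in the response.
    """
    group, user = _guid(group_id), _guid(user_id)
    return f"{GRAPH}/groups/{group}/members?$filter=id eq '{user}'&$count=true"


def is_member_from_filtered_members(body: dict, user_id: str) -> bool:
    """Read the response of members_filter_url().

    Prefer @odata.count == 1 as the answer says; if the count is absent
    (header not sent), fall back to looking for the id in the 'value' rows.
    """
    user = _guid(user_id)
    count = body.get("@odata.count")
    if count is not None:
        return int(count) == 1
    return any(str(obj.get("id", "")).lower() == user for obj in body.get("value", []))


def is_member_from_check_member_objects(body: dict, group_id: str) -> bool:
    """Read a 200 response of POST /users/{userObjectId}/checkMemberObjects.

    Graph echoes back the subset of the submitted ids the user belongs to.
    """
    group = _guid(group_id)
    return group in {str(v).lower() for v in body.get("value", [])}


def is_member_from_direct_lookup(status: int, body: dict) -> bool:
    """Read GET /groups/{groupObjectId}/members/{userObjectId}.

    200 is a hit and 404 a miss, but a 404 is also what a wrong group id
    produces, so this variant cannot tell 'not a member' from 'no such
    group'. Any other status is an error, never a 'no'.
    """
    if status == 200:
        return True
    if status == 404:
        return False
    code = body.get("error", {}).get("code")
    raise GraphError(f"unexpected status {status}: {code}")


# Constructed sample ids and bodies (values made up, shapes as in the thread).
GROUP_ID = "11111111-1111-1111-1111-111111111111"
USER_ID = "22222222-2222-2222-2222-222222222222"

FILTERED_HIT = {
    "@odata.count": 1,
    "value": [{"@odata.type": "#microsoft.graph.user", "id": USER_ID}],
}
FILTERED_MISS = {"@odata.count": 0, "value": []}
CHECK_HIT = {"value": [GROUP_ID]}
CHECK_MISS = {"value": []}
NOT_FOUND = {"error": {"code": "Request_ResourceNotFound", "message": "constructed 404 body"}}


if __name__ == "__main__":
    print(members_filter_url(GROUP_ID, USER_ID))
    print("filtered members:", is_member_from_filtered_members(FILTERED_HIT, USER_ID),
          is_member_from_filtered_members(FILTERED_MISS, USER_ID))
    print("checkMemberObjects:", is_member_from_check_member_objects(CHECK_HIT, GROUP_ID),
          is_member_from_check_member_objects(CHECK_MISS, GROUP_ID))
    print("direct lookup:", is_member_from_direct_lookup(200, {}),
          is_member_from_direct_lookup(404, NOT_FOUND))
```

The GUID validation is the check worth keeping whichever endpoint you settle on: the user id comes from the token, and interpolating an unvalidated claim into an OData $filter is the same class of mistake as unparameterized SQL.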
