I want to check if a user is a member of a particular group inside of my B2C custom policy.
I am using the MS Graph API to check this. I have tried to check with the following APIs:
GET https://graph.microsoft.com/v1.0/groups/{groupObjectId}/members/{userObjectId}
This works well for positive cases (when a user is in the group), but when the user is not in the group, it returns a 404 status code, which is impossible to handle with a custom policy.
POST https://graph.microsoft.com/v1.0/users/{userObjectId}/checkMemberObjects
{
  "ids": [
    "groupObjectId"
  ]
}
This API returns a 200 status code in any case, and I can handle the response, but the userObjectId is dynamic, and I have to set SendClaimsIn to Url so that I cannot pass a request body and send a POST request.
I have also tried to check the same thing with the reversed API, where the groupObjectId will be static and will not force me to use <Item Key="SendClaimsIn">Url</Item>.
POST https://graph.microsoft.com/v1.0/groups/{groupObjectId}/checkMemberObjects
{
  "ids": [
    "userObjectId"
  ]
}
But this returns 400 Bad Request with the following message:
{
  "error": {
    "code": "Request_BadRequest",
    "message": "The object class referenced by given parameters is not valid for member link.",
    "innerError": {
      "date": "2022-09-08T13:13:11",
      "request-id": "71ab6e9f-059f-4b9c-b40b-69671f7a3f31",
      "client-request-id": "71ab6e9f-059f-4b9c-b40b-69671f7a3f31"
    }
  }
}
An answer to any of the following questions will be counted as an answer and appreciated.
404 status codes in custom policies? (A likely question was answered in 2019, maybe it is possible now.) Currently, I am checking this based on this sample, but this is a bad solution as a user can be a member of many groups (including the needed one), but we are checking only with the first three groups.
You could use query parameters to customize responses.
GET https://graph.microsoft.com/v1.0/groups/{groupObjectId}/members?$filter=id eq '{userObjectId}'
Then check if @odata.count equals one and if so, the user with that particular userObjectId exists in that group.
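An added example, not part of the original question or answer: a small intermediary can turn each of the Graph responses discussed above into a single boolean claim, returned with a 200 so the custom policy never sees a 404 or 400, and treat anything unexpected as "not a member". The function names, the mode labels, the isMember claim name and the sample ids are assumptions made for illustration, as is the shape of the positive response to the direct lookup.

```python
import json

def _same(a, b):
    # Object ids are GUIDs; compare case-insensitively, and only strings.
    return isinstance(a, str) and isinstance(b, str) and a.lower() == b.lower()

def is_member(mode, status, body, user_id, group_id):
    """True only when the Graph response proves membership; fails closed.

    mode (hypothetical labels): "direct" = GET groups/{g}/members/{u},
    "check" = POST users/{u}/checkMemberObjects, "filter" = members?$filter.
    """
    if status != 200:
        return False  # 404 for a non-member, 400 Request_BadRequest, 401/403/5xx
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return False
    if not isinstance(doc, dict):
        return False
    if mode == "direct":
        # Assumption: the positive response is the member object itself.
        return _same(doc.get("id"), user_id)
    value = doc.get("value")
    if not isinstance(value, list):
        return False
    if mode == "check":
        # checkMemberObjects echoes back the submitted ids the user is in.
        return any(_same(v, group_id) for v in value)
    if mode == "filter":
        # Trust the returned ids, not just a count, in case the filter was ignored.
        return any(isinstance(v, dict) and _same(v.get("id"), user_id) for v in value)
    return False

def to_policy_claims(mode, status, body, user_id, group_id):
    # Always-200 payload for the policy; "isMember" is a hypothetical claim name.
    return {"isMember": is_member(mode, status, body, user_id, group_id)}

if __name__ == "__main__":
    U = "11111111-1111-1111-1111-111111111111"  # constructed ids
    G = "22222222-2222-2222-2222-222222222222"
    print(to_policy_claims("check", 200, json.dumps({"value": [G]}), U, G))
    print(to_policy_claims("direct", 404, '{"error": {"code": "x"}}', U, G))
    print(to_policy_claims("filter", 200, '{"value": []}', U, G))
```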