Thursday, February 20, 2020

Azure B2C Custom Attributes


Azure B2C provides a set of built-in user claims, for example Given Name and Surname. However, every customer-facing application has some unique requirement to collect additional attributes, for example a business address.
Azure B2C provides an option to create custom attributes; the steps are described here (https://docs.microsoft.com/en-us/azure/active-directory-b2c/user-flow-custom-attributes).

Example:

Once these custom attributes are defined, they are available in Azure B2C user journeys (built-in or custom), and they can also be accessed (added, updated) using the Graph API.
However, the Microsoft documentation on using the Graph API for custom attributes is not that clear.

Before explaining the Graph API approach for accessing custom attributes, let us look at how Azure B2C interacts with Azure Active Directory to manage user data.

When an Azure AD B2C tenant is created, a default application named b2c-extension-app is created with it. This application can be found under the blade Azure AD B2C -> App registrations (Preview).


Azure B2C uses the naming convention extension_<<application id of b2c-extension-app, without dashes>>_<<custom attribute name>> to store custom attributes.
Ex: extension_123456789107899533_BusinessName

To retrieve data using the Graph API, the following steps need to be done:

  1. Create an application that has access to the Graph API or the legacy AAD API.
     For this, navigate to Azure AD B2C -> App registrations (Preview) -> New registration.

  2. Provide API permissions for Graph or the legacy Azure AD API:
     1. Select the app created in the previous step.
     2. Go to the API permissions tab.
     3. Select Add a permission. From Microsoft APIs, select Microsoft Graph or Azure Active Directory Graph.
     4. Add an application permission. Select Directory. Based on the application requirement (read or write access), select the permission.
     5. Once the permission is added, provide admin consent: select the button "Grant admin permission for <<your AAD name>>".

  3. Based on the API selected (Graph or legacy AAD), use the token endpoint to get an access token. Use content type application/x-www-form-urlencoded.

Graph token endpoint:

AAD token endpoint:

Get or update user data:




Please note that the token must be sent in the Authorization header.
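The steps above, as an added example that is not part of the original post: build the extension attribute name from the b2c-extension-app's application id, obtain a Microsoft Graph access token with the client credentials flow, and read or update the custom attribute on a user. The tenant name, application ids, secret and attribute values are placeholders, and the Graph endpoints used are the public v1.0 token and users endpoints.

```python
import json
import urllib.parse
import urllib.request

# Placeholder values (assumed, not from the post): your tenant, the app registered
# for Graph access, and the application id of the b2c-extension-app.
TENANT = "contoso.onmicrosoft.com"
CLIENT_ID = "11111111-2222-3333-4444-555555555555"
CLIENT_SECRET = "<client-secret-from-app-registration>"
EXTENSION_APP_ID = "12345678-9107-8995-3300-000000000000"

def extension_attribute_name(extension_app_id, attribute):
    """Directory name B2C uses for a custom attribute: extension_<app id without dashes>_<name>."""
    return f"extension_{extension_app_id.replace('-', '')}_{attribute}"

def token_request(tenant, client_id, client_secret):
    """Client-credentials request for the v2.0 token endpoint, as (url, form-encoded body)."""
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret,
            "scope": "https://graph.microsoft.com/.default"}  # app permissions granted by admin consent
    return url, urllib.parse.urlencode(form).encode()

def get_access_token(tenant, client_id, client_secret):
    url, body = token_request(tenant, client_id, client_secret)
    req = urllib.request.Request(url, data=body, method="POST",
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["access_token"]

def graph_request(token, method, path, payload=None):
    """Call Graph with the access token sent as a bearer token in the Authorization header."""
    data = json.dumps(payload).encode() if payload is not None else None
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    req = urllib.request.Request("https://graph.microsoft.com/v1.0" + path,
                                 data=data, method=method, headers=headers)
    with urllib.request.urlopen(req) as resp:
        return json.load(resp) if resp.status == 200 else None  # PATCH answers 204, no body

def read_custom_attribute(user, attr_name):
    """Extension attributes are top-level keys on the user object, absent if never set."""
    return user.get(attr_name)

def fetch_custom_attribute(token, user_id, attr_name):
    # Ask for the extension attribute explicitly with $select rather than relying on defaults.
    return read_custom_attribute(graph_request(token, "GET", f"/users/{user_id}?$select=id,{attr_name}"), attr_name)

def set_custom_attribute(token, user_id, attr_name, value):
    graph_request(token, "PATCH", f"/users/{user_id}", {attr_name: value})
```

Call get_access_token with the app registration that received Directory read or write permissions, then pass the result to fetch_custom_attribute or set_custom_attribute with the user's object id.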
