Azure B2C Custom Attributes
Azure B2C provides a set of built-in user claims, for example Given Name and Surname. However, every customer-facing application has some
unique requirement to collect additional attributes, for example a business address.
Azure B2C provides an option to create custom attributes, and
the steps are documented here (https://docs.microsoft.com/en-us/azure/active-directory-b2c/user-flow-custom-attributes).
Example:
Once these custom attributes are defined, they are
available as part of Azure B2C user journeys (built-in or custom), and they can also be
read and written (add, update) through the Graph API.
However, the Microsoft documentation on Graph API usage for custom attributes is not that clear.
Before explaining the Graph API approach for accessing custom attributes, let us look at how
Azure B2C interacts with Azure Active Directory to manage user data.
When an Azure AD B2C
tenant is created, it creates a default application named b2c-extension-app. This application
can be found under the blade Azure AD B2C -> App registrations (Preview). Do not delete or modify it; it is the application that owns every custom attribute in the tenant.
Azure B2C uses the naming convention extension_<<application (client) ID of b2c-extension-app with the dashes removed>>_<<custom attribute name>> to store the custom attributes. A real application ID is a GUID, so the middle part is 32 hexadecimal characters.
Ex: extension_123456789107899533_BusinessName
To retrieve data using the Graph API, the following steps need
to be done:
Create an application that has access to Microsoft Graph or the legacy Azure AD Graph API. Note that Azure AD Graph is deprecated; use Microsoft Graph for any new work.
For this navigate to Azure AD B2C -> App registrations
(Preview) -> New registration.
Provide API permissions for Microsoft Graph or the legacy Azure AD Graph API:
- Select the app created in the previous step.
- Go to the API permissions tab.
- Select Add a permission. From Microsoft APIs, select Microsoft Graph or Azure Active Directory Graph.
- Add an application permission (not a delegated one; there is no signed-in user in this flow). Select the Directory group and, based on the application requirement (read or write access), select the matching permission. If the application only manages users, User.Read.All or User.ReadWrite.All on Microsoft Graph is enough to read and update the extension attributes and is the least-privilege choice; Directory.ReadWrite.All grants write access to far more than users.
- Once the permission is added, provide admin consent by selecting the button "Grant admin consent for <<your AAD name>>". Application permissions always require this tenant-wide consent.
- Based on the API selected (Microsoft Graph or legacy Azure AD Graph), use the matching token endpoint to get an access token with the client credentials grant. Send the request with content type application/x-www-form-urlencoded.
Graph:
For Microsoft Graph, POST to the v2.0 token endpoint https://login.microsoftonline.com/<<tenant>>/oauth2/v2.0/token with grant_type=client_credentials, client_id, client_secret and scope=https://graph.microsoft.com/.default.
AAD token endpoint:
For the legacy Azure AD Graph, POST to https://login.microsoftonline.com/<<tenant>>/oauth2/token with grant_type=client_credentials, client_id, client_secret and resource=https://graph.windows.net.
Get or update user data:
With Microsoft Graph, GET https://graph.microsoft.com/v1.0/users/<<object id>> returns the user; add the extension attribute names to $select if they are not returned by default. Update with a PATCH to the same URL whose JSON body uses the full extension_<<id>>_<<name>> property names; a successful update returns 204 No Content.
Please note to send the access token as a Bearer token in the
Authorization header of every request.