B2C Custom Attributes not showing when created using Graph API directory schema API


Problem description

Using the extension API documented here:

in conjunction with the B2C Graph Client sample:

https://docs.microsoft.com/zh-CN/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet

I created a custom attribute via the AD Graph API for directory schema extensions using this API:

POST https://graph.windows.net/contoso.onmicrosoft.com/applications/<applicationObjectId>/extensionProperties?api-version=1.6
{
    "name": "OrgRoleId",
    "dataType": "String",
    "targetObjects": [
        "User"
    ]
}

(Note I changed the API version to 1.6).

The API-created custom attributes appear using the B2CGraphClient sample and have the same data as those registered via the Azure portal for B2C.

However, these API created custom attributes don't appear in the Azure portal 'User attributes' blade for the tenant, while those custom attributes created via the Azure portal for the B2C tenant do.

Note that I can successfully read and write these extension values for users (via the Graph API). I just cannot put them into claims because they don't appear on the 'User attributes' blade nor the policy claims blade in the Azure portal, and therefore they are not added as claims to the token.

What am I missing/doing wrong?

Output from B2C.exe Get-extension-attribute <b2c-extensions-app objectId>. *_Test1 appears (portal created), while *_UserRoleId does not (API created):

{
  "odata.metadata": "https://graph.windows.net/<tenant_id>/$metadata#directoryObjects/Microsoft.DirectoryServices.ExtensionProperty",
  "value": [
    {
      "odata.type": "Microsoft.DirectoryServices.ExtensionProperty",
      "objectType": "ExtensionProperty",
      "objectId": "f58bc813-632c-486b-bff1-61695eeab691",
      "deletionTimestamp": null,
      "appDisplayName": "",
      "name": "extension_<object_id>_Test1",
      "dataType": "String",
      "isSyncedFromOnPremises": false,
      "targetObjects": [
        "User"
      ]
    },
    {
      "odata.type": "Microsoft.DirectoryServices.ExtensionProperty",
      "objectType": "ExtensionProperty",
      "objectId": "5e69b2d9-1ab0-463f-a231-5c188e92b4a1",
      "deletionTimestamp": null,
      "appDisplayName": "",
      "name": "extension_<object_id>_UserRoleId",
      "dataType": "String",
      "isSyncedFromOnPremises": false,
      "targetObjects": [
        "User"
      ]
    }
    ...

Recommended answer

When you add an extension attribute through the portal, it is created in the directory and owned by the b2c-extensions-app application and it is also added to a tenant-wide policy. That is what allows you to use them in application policies as you create them.

When you create an extension attribute using Graph API, it is not added to the policy and is usually created on an application other than b2c-extensions-app. You can use these properties directly in custom policies, but they will not appear in the portal and cannot be used in the policies created through the portal.

It is a best practice to just create the extension properties through the portal so they are available for all policies. This allows customers to mix and match custom policies with built-in b2c user flows.
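The answer above notes that Graph-created extension attributes usually live on an application other than b2c-extensions-app. The following check is an added example, not part of the original question or answer: it sorts an extensionProperties listing by owning application, assuming the Azure AD naming convention extension_<appId without hyphens>_<name>. The GUIDs and sample listing are constructed, and ownership by b2c-extensions-app alone does not show whether the attribute was also added to the tenant-wide policy.

```python
import re

# Assumption: directory extensions are named extension_<appId, hyphens removed>_<name>.
EXT_NAME = re.compile(r"^extension_([0-9a-fA-F]{32})_(.+)$")


def owning_app_id(ext_name):
    """Return the owning appId as a canonical GUID, or None if the name is not an extension name."""
    m = EXT_NAME.match(ext_name)
    if not m:
        return None
    h = m.group(1).lower()
    return f"{h[:8]}-{h[8:12]}-{h[12:16]}-{h[16:20]}-{h[20:]}"


def classify(ext_props, b2c_extensions_app_id):
    """Group extension property names by whether b2c-extensions-app owns them."""
    buckets = {"b2c-extensions-app": [], "other-app": [], "unrecognized": []}
    expected = b2c_extensions_app_id.lower()
    for prop in ext_props:
        name = prop.get("name", "")
        owner = owning_app_id(name)
        if owner is None:
            buckets["unrecognized"].append(name)
        elif owner == expected:
            buckets["b2c-extensions-app"].append(name)
        else:
            buckets["other-app"].append(name)
    return buckets


# Constructed sample data: placeholder appId and a listing shaped like the
# Graph API response in the question (only the "name" field is used here).
B2C_EXT_APP_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE_LISTING = {
    "value": [
        {"name": "extension_11111111222233334444555555555555_Test1"},
        {"name": "extension_aaaaaaaabbbbccccddddeeeeeeeeeeee_OrgRoleId"},
        {"name": "OrgRoleId"},
    ]
}

if __name__ == "__main__":
    for bucket, names in classify(SAMPLE_LISTING["value"], B2C_EXT_APP_ID).items():
        print(f"{bucket}: {names}")
```

Names in the other-app bucket can only be referenced from custom policies, as the answer describes.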
