Azure B2C:图形API并不总是返回用户 [英] Azure B2C: Graph API doesn't always return user
本文介绍了Azure B2C:图形API并不总是返回用户的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
在查询Azure B2C Graph API以检索特定用户时,我注意到有时不会返回任何结果,但会从Graph API服务器返回HTTP200代码。每次我们需要调用Graph API时,我们的服务器都会创建一个Graph API令牌(将在将来处理,但这可能是我遇到以下问题的原因)。
大多数此类问题都发生在我们的集成测试期间,这些测试是用Python编写的。
首先,我们在Azure B2C中创建用户:
Inserting test user with data: {
"accountEnabled":true,
"displayName":"Patricia Robles",
"mailNickname":"PatriciaRobles",
"extension_<id>_organizationId":"b5468371-54e7-41d3-8dc4-904779417ce2",
"extension_<id>_organizationName":"My Organization",
"extension_<id>_username":"PatriciaRobles",
"givenName":"Patricia",
"surname":"Robles",
"userPrincipalName":"PatriciaRobles@testb2c.onmicrosoft.com",
"passwordProfile":{
"password":"He#02021"
}
}
Created in Graph API: {
"@odata.context":"https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"id":"5e2ae56c-4493-451f-be26-de51e05475c5",
"businessPhones":[
],
"displayName":"Patricia Robles",
"givenName":"Patricia",
"jobTitle":"None",
"mail":"None",
"mobilePhone":"None",
"officeLocation":"None",
"preferredLanguage":"None",
"surname":"Robles",
"userPrincipalName":"PatriciaRobles@testb2c.onmicrosoft.com"
}
所以看起来它实际上是在Azure B2C中创建了用户。请注意,我实际上更改了实际运行时的值,以防止敏感数据泄露。
现在,作为测试期间的健全性检查,我想查询组织中的所有用户:
https://graph.microsoft.com/v1.0/users?$select=identities,givenName,id,surname&$filter=extension_<id>_organizationId eq 'b5468371-54e7-41d3-8dc4-904779417ce2'
Returned for Graph API: {'@odata.context': 'https://graph.microsoft.com/v1.0/$metadata#users(identities,givenName,id,surname)', "value":[
{
"givenName":"Patricia",
"id":"5e2ae56c-4493-451f-be26-de51e05475c5",
"surname":"Robles",
"identities":[
{
"signInType":"userPrincipalName",
"issuer":"testb2c.onmicrosoft.com",
"issuerAssignedId":"PatriciaRobles@testb2c.onmicrosoft.com"
}
]
},
{
"givenName":"Ruby",
"id":"a7b2d2fe-3176-49bc-9775-691195ed9002",
"surname":"Woodard",
"identities":[
{
"signInType":"userPrincipalName",
"issuer":"testb2c.onmicrosoft.com",
"issuerAssignedId":"RubyWoodard@testb2c.onmicrosoft.com"
}
]
},
{
"givenName":"Helen",
"id":"d97201c8-e561-4b83-aa75-441ccc069a18",
"surname":"Charles",
"identities":[
{
"signInType":"userPrincipalName",
"issuer":"testb2c.onmicrosoft.com",
"issuerAssignedId":"HelenCharles@testb2c.onmicrosoft.com"
}
]
}
]
}
该用户肯定存在于Azure B2C中。所以我们绝对应该能够查询到那个用户,对吗?
嗯,不完全是:
https://graph.microsoft.com/v1.0/users?$select=identities,givenName,id,surname&$filter=extension_5d0e560b4ba9481d97b55226dd4c411a_organizationId eq 'b5468371-54e7-41d3-8dc4-904779417ce2' and id eq '5e2ae56c-4493-451f-be26-de51e05475c5'
Returned for Graph API: {'@odata.context': 'https://graph.microsoft.com/v1.0/$metadata#users(identities,givenName,id,surname)', 'value': []}
Retrieved from Graph API: {}
所以现在,没有用户通过图形API从Azure B2C返回。
究竟为什么会发生这种情况?
推荐答案
这是一个全局分布式服务,您正在访问用户尚未复制到的其他DC。用户可能需要几秒钟时间才能跨区域中的所有DC出现。
这是预期的行为,您必须考虑到这一点来设计解决方案。您可以使用重试逻辑,但最好不要在POST/PATCH操作之后执行GET。
理想情况下,您可以通过不存在此问题的AAD B2C策略协调注册。
这篇关于Azure B2C:图形API并不总是返回用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文