无法使用GraphAPI从Azure AD B2C检索用户电子邮件 [英] Unable to retrieve user email from Azure AD B2C using GraphAPI

问题描述

我已经创建了一个Azure AD B2C租户，并使用用户名作为登录方法配置了本地帐户.我创建了注册策略，并通过Azure AD B2C注册屏幕进行了注册.在注册屏幕中，我输入了电子邮件地址，Azure AD B2C发送了一封电子邮件以进行验证.注册成功后，我试图通过Graph API获取注册用户的详细信息.

I have created an Azure AD B2C tenant and configured local account with username as the login method. I created a signup policy and did a signup through Azure AD B2C signup screen. In the signup screen, I entered an email address and Azure AD B2C sent an email for validation. Once signup succeeded, I was trying to get the signed up user's details through the Graph API.

用于检索用户详细信息的图形API URL:

Graph API URL used to retrieve user details:

https://graph.windows.net/<tenantid>/users?api-version=1.6

我可以获取新用户的所有其他信息，例如用户名，名字，姓氏等，但该用户在电子邮件验证期间输入的电子邮件地址除外.

I was able to get all other information of new user like username, first name, last name, etc... except the email address entered by the user during email validation.

请告知我是否有任何方法或配置可通过Graph API获取电子邮件地址.

Please let me know if there is any way or configuration available to get email address through the Graph API.

推荐答案

如果用户使用用户名+电子邮件验证登录，则无法检索使用的电子邮件.

以下是与Azure AD B2C中的电子邮件有关的所有案例以及它们的存储位置.

Here are all the cases pertaining email in Azure AD B2C and where they are stored.

• 具有基于电子邮件登录功能的本地帐户:可以通过signInNames属性
使用电子邮件
• 具有基于用户名登录功能的本地帐户+电子邮件验证:电子邮件在任何地方都不可用.
• 通过内置策略:如果可以从IdP获得电子邮件，则可以通过otherMails属性获得.

• Local account with email-based sign in: Email is available via the signInNames property
• Local account with username-based sign in + email verification: Email is not available anywhere.
• Social IdPs via built-in policies: Email, if available from the IdP, is available via the otherMails property.

其他注意事项:

• 用于MFA&的电子邮件密码重置在任何地方都不可用(这与具有基于用户名的登录名和电子邮件验证的本地帐户实际上是一样的情况.)
• 您可以在.
• 使用自定义策略和自定义的IdP，是否要检索电子邮件，从何处检索以及在何处存储完全取决于您.

• The email used for MFA & password reset is not available anywhere either (this is really the same case as local account with username-based sign in + email verification).
• You can prompt the user for their email in your sign up policy's "Sign-up attributes".
• With custom policies and custom IdPs, it's really up to you whether you want to retrieve the email, where to retrieve it from and where you store it.

您始终可以通过 Azure AD B2C反馈论坛

You can always request the email be made available for your scenario or any other asks via the Azure AD B2C feedback forum

这篇关于无法使用GraphAPI从Azure AD B2C检索用户电子邮件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！