Java Console Application to bulk upload user to Azure B2C active directory

Question

I am trying to create a Java Console Application to bulk upload users from a local SQL database to Azure B2C Active Directory. I have a JSON file which I created:

{
  "users": [
    {
      "displayName": "Amanda Polly",
      "givenName": "Amanda",
      "surname": "Polly",
      "extension_user_type": "user",
      "identities": [
        {
          "signInType": "emailAddress",
          "issuerAssignedId": "amandapolly@gmail.com"
        }
      ],
      "extension_timezone": "PST",
      "extension_locale": "en-US",
      "extension_tenant": "EG1234"
    },
    {
      "displayName": "Lowa Doe",
      "givenName": "Lowa",
      "surname": "Doe",
      "extension_user_type": "user",
      "identities": [
        {
          "signInType": "userName",
          "issuerAssignedId": "lowadow123"
        }
      ],
      "extension_timezone": "PST",
      "extension_locale": "en-US",
      "extension_tenant": "EG1234"
    }
  ]
}

These are the users which I want to create on B2C. I need help in starting this. I have to use the Microsoft Graph API; can anyone guide me through it? I read about tokens and clientID but was not able to understand it.

It is stuck in this state for a long time. deserializing to JSON

Answer 1

Score: 1

> To call Microsoft Graph, your app must acquire an access token from
> the Microsoft identity platform. The access token contains information
> about your app and the permissions it has for the resources and APIs
> available through Microsoft Graph. To get an access token, your app
> must be registered with the Microsoft identity platform and be
> authorized by either a user or an administrator for access to the
> Microsoft Graph resources it needs.

There are two kinds of common auth flow: client_credentials flow and authorization_code flow. The former is app-only, and the latter is app+user.

Here I take "client_credentials flow" as the example.

Firstly you need to Register your app. More detailed steps here. Remember to add and grant consent to User.ReadWrite.All application permission in your Azure AD app.

After you add the permission, don't forget to click on "Grant admin consent for {your tenant}" (see it below).

Creating a client secret is necessary. (Record it once it is created because you won't see it later.)

Also remember to record the application id (client id) for later use.

Now you can Install the Microsoft Graph Java SDK to your project and implement Client credentials provider like this:

ClientCredentialProvider authProvider = new ClientCredentialProvider(
        clientId,
        scopes,
        clientSecret,
        tenant,
        endpoint);

You should have clientId and clientSecret from the previous steps. scopes should be "https://graph.microsoft.com/.default". tenant should be the tenant id of your B2C tenant. endpoint is the NATIONAL_CLOUD of Microsoft. See the sample here.

Then you could use the following code to create a user. See reference here.

// Build the Graph client with the client-credentials provider created above.
IGraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider(authProvider).buildClient();

User user = new User();
user.displayName = "John Smith";

// Sign-in identities: a local user name, a local email address and a federated account.
LinkedList<ObjectIdentity> identitiesList = new LinkedList<ObjectIdentity>();
ObjectIdentity identities = new ObjectIdentity();
identities.signInType = "userName";
identities.issuer = "contoso.onmicrosoft.com";
identities.issuerAssignedId = "johnsmith";
identitiesList.add(identities);
ObjectIdentity identities1 = new ObjectIdentity();
identities1.signInType = "emailAddress";
identities1.issuer = "contoso.onmicrosoft.com";
identities1.issuerAssignedId = "jsmith@yahoo.com";
identitiesList.add(identities1);
ObjectIdentity identities2 = new ObjectIdentity();
identities2.signInType = "federated";
identities2.issuer = "facebook.com";
identities2.issuerAssignedId = "5eecb0cd";
identitiesList.add(identities2);
user.identities = identitiesList;

// Initial password and password policy for the local account.
PasswordProfile passwordProfile = new PasswordProfile();
passwordProfile.password = "password-value";
passwordProfile.forceChangePasswordNextSignIn = false;
user.passwordProfile = passwordProfile;
user.passwordPolicies = "DisablePasswordExpiration";

// Send the create-user request to Microsoft Graph.
graphClient.users()
    .buildRequest()
    .post(user);

Modify the code based on your needs.

Besides, if you want to add extension attributes, you need to refer to Create extensionProperty. You should create extensionProperty first and then create the users with extension attributes. See my other answer for the logic. (You just need to look into the content before "Then create a claimsMappingPolicy:".)
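
An added example, not part of the original answer or of the Graph SDK: it maps one record of the question's JSON to the fields the answer's code sets, adding the `issuer` the records lack, a per-user random password in place of one shared literal, and the `extension_<appId without hyphens>_<name>` form used for directory extension properties. The names `B2cUserPayload`, `toGraphUser` and `randomPassword` are hypothetical, the issuer domain and the all-zero app id are placeholders, and it assumes the extension properties were already created as the answer describes.

```java
import java.security.SecureRandom;
import java.util.*;
import java.util.stream.Collectors;

public class B2cUserPayload {
    private static final SecureRandom RNG = new SecureRandom();
    private static final String[] CLASSES = { "ABCDEFGHJKLMNPQRSTUVWXYZ", "abcdefghijkmnopqrstuvwxyz", "23456789", "!@#$%^&*-_" };

    // Unique initial password: one character from every class, the rest random, then shuffled.
    static String randomPassword(int length) {
        String all = String.join("", CLASSES);
        List<Character> chars = new ArrayList<>();
        for (String c : CLASSES) chars.add(c.charAt(RNG.nextInt(c.length())));
        while (chars.size() < length) chars.add(all.charAt(RNG.nextInt(all.length())));
        Collections.shuffle(chars, RNG);
        return chars.stream().map(String::valueOf).collect(Collectors.joining());
    }

    // Maps one record of the question's JSON to the fields the answer's create-user code sets.
    @SuppressWarnings("unchecked")
    static Map<String, Object> toGraphUser(Map<String, Object> src, String issuer, String extAppId) {
        Map<String, Object> out = new LinkedHashMap<>();
        String extPrefix = "extension_" + extAppId.replace("-", ""); // directory extension naming
        src.forEach((k, v) -> {
            if (k.startsWith("extension_")) out.put(extPrefix + k.substring("extension".length()), v);
            else if (!k.equals("identities")) out.put(k, v);
        });
        List<Map<String, String>> ids = new ArrayList<>();
        for (Map<String, String> id : (List<Map<String, String>>) src.get("identities")) {
            Map<String, String> copy = new LinkedHashMap<>(id);
            copy.put("issuer", issuer); // the question's records carry no issuer
            ids.add(copy);
        }
        out.put("identities", ids);
        out.put("passwordProfile", Map.of("password", randomPassword(20), // per-user, not a shared literal
                "forceChangePasswordNextSignIn", false)); // same setting as the answer's code
        out.put("passwordPolicies", "DisablePasswordExpiration");
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: part of the question's first record; issuer and app id are placeholders.
        Map<String, Object> src = new LinkedHashMap<>();
        src.put("displayName", "Amanda Polly");
        src.put("extension_tenant", "EG1234");
        src.put("identities", List.of(Map.of("signInType", "emailAddress", "issuerAssignedId", "amandapolly@gmail.com")));
        Map<String, Object> body = toGraphUser(src, "contoso.onmicrosoft.com", "00000000-0000-0000-0000-000000000000");
        System.out.println(body.keySet() + " " + body.get("identities")); // password is never printed
    }
}
```

The returned map still has to be serialized to JSON or copied onto the SDK's `User` object before it is posted; the generated password exists only inside that map and is deliberately kept out of console output.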
