无法使用Microsoft Graph API在Azure AD B2C中创建使用身份验证的用户。

huangapple go评论138阅读模式
英文:

Not able to create users using identities in Azure AD B2C using Microsoft Graph API

问题

我正在尝试使用标识在Azure AD B2C中创建本地帐户(例如abc@yahoo.com)。

我遵循的文档是:
https://learn.microsoft.com/en-us/graph/api/user-post-users?view=graph-rest-1.0&tabs=http#example-2-create-a-user-with-social-and-local-account-identities.

以下是请求有效载荷:

{  
  "displayName": "John Smith",  
  "identities": [  
    {
      "signInType": "emailAddress",
      "issuer": "mytenant.onmicrosoft.com",
      "issuerAssignedId": "jsmith@yopmail.com" 
    }
  ],
  "passwordProfile": { 
    "password": "Welcome@1",    
    "forceChangePasswordNextSignIn": false  
  },
  "passwordPolicies": "DisablePasswordExpiration"
}

这是我收到的响应:

"error": {
  "code": "Request_BadRequest",
  "message": "Property userPrincipalName value is required but is empty or missing."
}

起初,它对accountEnabledmailNickname抛出错误,所以我在有效载荷中添加了它们,然后它对userPrincipalName抛出错误。

如果我在有效载荷中添加userPrincipalName,它会抛出以下错误:

{
   "code": "Request_BadRequest",
   "message": "Property creationType is invalid."
}

如何使用Microsoft Graph API在Azure AD B2C中使用标识创建用户?

英文:

I'm trying to create local account (like abc@yahoo.com) in Azure AD B2C using identities.

This is the document I followed:
https://learn.microsoft.com/en-us/graph/api/user-post-users?view=graph-rest-1.0&tabs=http#example-2-create-a-user-with-social-and-local-account-identities.

Below is the request payload:

{  
  "displayName": "John Smith",  
  "identities": [  
    {
      "signInType": "emailAddress",
      "issuer": "mytenant.onmicrosoft.com",
      "issuerAssignedId": "jsmith@yopmail.com" 
    }
  ],
  "passwordProfile": { 
    "password": "Welcome@1",    
    "forceChangePasswordNextSignIn": false  
  },
  "passwordPolicies": "DisablePasswordExpiration"
}

This is the response I'm getting:

"error": {
  "code": "Request_BadRequest",
  "message": "Property userPrincipalName value is required but is empty or missing."
}

First it was throwing an error for accountEnabled, mailNickname, so added them in payload, then it was throwing an error for userPrincipalName.

If I add userPrincipalName in the payload, it was throwing an error like this:

{
   "code": "Request_BadRequest",
   "message": "Property creationType is invalid."
}

How can I create users using identities in Azure AD B2C using Microsoft Graph API?

答案1

得分: 0

这是一个适用于我所有租户的属性示例:

{
"accountEnabled": true,
"displayName": "测试用户",
"mailNickname": "TestU",
"userPrincipalName": "TestU@tenant.onmicrosoft.com",
"passwordProfile" : {
"forceChangePasswordNextSignIn": true,
"password": "xWwvJ]6NMw+bWH-d"
}
}

使用类似这样的内容,您是否仍然遇到错误?

更新

对于多个身份,可以使用以下内容:

"identities": [
{
"signInType": "userName",
"issuer": "contoso.onmicrosoft.com",
"issuerAssignedId": "johnsmith"
},
{
"signInType": "emailAddress",
"issuer": "contoso.onmicrosoft.com",
"issuerAssignedId": "jsmith@yahoo.com"
},
{
"signInType": "federated",
"issuer": "facebook.com",
"issuerAssignedId": "5eecb0cd"
}
]

英文:

This is an example of attributes that work across all my tenants:

{
"accountEnabled": true,
"displayName": "Test User",
"mailNickname": "TestU",
"userPrincipalName": "TestU@tenant.onmicrosoft.com",
"passwordProfile" : {
"forceChangePasswordNextSignIn": true,
"password": "xWwvJ]6NMw+bWH-d"
}
}

Do you still get the error with something like this?

Update

For multiple identities, something like this works:

"identities": [
{
"signInType": "userName",
"issuer": "contoso.onmicrosoft.com",
"issuerAssignedId": "johnsmith"
},
{
"signInType": "emailAddress",
"issuer": "contoso.onmicrosoft.com",
"issuerAssignedId": "jsmith@yahoo.com"
},
{
"signInType": "federated",
"issuer": "facebook.com",
"issuerAssignedId": "5eecb0cd"
}
]

huangapple
  • 本文由 发表于 2023年7月31日 18:12:58
  • 转载请务必保留本文链接:https://go.coder-hub.com/76802609.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定