3
votes

I am attempting to discover which extension properties I have available to my application. I originally followed this guide to get the extension attributes:

https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-devquickstarts-graph-dotnet/#use-custom-attributes

But that just returns the following JSON:

    {
      "odata.metadata": "https://graph.windows.net/screenmediatestb2c.onmicrosoft.com/$metadata#directoryObjects/Microsoft.DirectoryServices.ExtensionProperty",
      "value": []
    }

I have also attempted to do this with regular HTTP requests using Postman, but with the exact same result. I can authenticate and load applications, users, groups etc. But it doesn't return any of my custom attributes, of which I have 2.

The endpoint I am using is:

https://graph.windows.net/[tenant]/applications/[application object ID]/extensionProperties?api-version=1.6

Does anyone have any idea what I am doing wrong?

3
Are you using the B2C-GraphAPI-DotNet example from GitHub? I'm facing the same problem and I noticed that running B2C Get-B2C-Application adds a filter to the end of the request of filter=displayName eq 'b2c-extensions-app'. I tried to change the objectid passed to B2C Get-Extension-Attribute to my named application visible through the App registrations blade but again the list of custom attributes is blank. Were you able to find out what was wrong? - ChrisO

3 Answers

3
votes

I just noticed a disclaimer at the bottom of this page https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-reference-custom-attr/. Looks like this might be our problem.

There is a known limitation of custom attributes. It is only created the first time it is used in any policy, and not when you add it to the list of User attributes.

0
votes

There is a bug in the accompanying GitHub repo for the tutorial at: https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-devquickstarts-graph-dotnet/#use-custom-attributes

Un-bust your balls by changing Program.GetB2CExtensionApplication(...) to:

    private static void GetB2CExtensionApplication(string[] args)
    {
        object formatted = JsonConvert.DeserializeObject(
            client.GetApplications("$filter=startswith(displayName, 'b2c-extensions-app')").Result);
        Console.ForegroundColor = ConsoleColor.White;
        Console.WriteLine(JsonConvert.SerializeObject(formatted, Formatting.Indented));
    }

Instead of checking if the displayName equals 'b2c-extensions-app' it checks if it starts with 'b2c-extensions-app'. They have changed the name of the application in later versions of Azure AD B2C.

When you use the returned ID to get your extensions you will see that the Custom Attribute Name is prefixed with a Guid, and that's why we've been having trouble accessing it, e.g. extension_10ecdccd92c446829a399e68ed758978_MyCustomAttribute

The correct GET URL for the Get-B2C-Application should be:

GET https://graph.windows.net/{Tenant}/applications?api-version=1.6&$filter=startswith(displayName,'b2c-extensions-app')

And the GET URL for the Extension Properties (Custom Attributes) should be:

GET https://graph.windows.net/{Tenant}/applications/{ObjectID}/extensionProperties?api-version=1.6
0
votes

It's possible to get the attributes via LINQ:

    string selectClause = "GivenName,Surname,Id,Mail"
    + ",extension_{ExtensionPropertyPrefixGUID}_myAttribute1"
    + ",extension_{ExtensionPropertyPrefixGUID}_myAttribute2";

    var result = await _graphClient.Users
    .Request()
    .Select(selectClause)
    .GetAsync();

The extension attributes will then be accessible via the AdditionalData:

    foreach (User user in result.CurrentPage)
    {
        string attribute1Value = (string)user.AdditionalData["extension_{ExtensionPropertyPrefixGUID}_myAttribute1"];
    }
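
The two-step lookup from the answers above, as an added Python example (not code from the original posts or from the Microsoft sample): it builds the two GET URLs, picks the `b2c-extensions-app` object, and maps short attribute names to their `extension_<guid>_<name>` form for a `$select`. The function names, object IDs and sample responses are constructed for illustration; only the URL shapes and the `extension_10ecdccd...` name come from the thread.

```python
import json
import re

GRAPH = "https://graph.windows.net"
# extension_<32 hex chars>_<attribute name>, the shape quoted in the second answer
EXT_NAME = re.compile(r"^extension_([0-9a-fA-F]{32})_(.+)$")

def applications_url(tenant):
    # startswith, not eq: the extensions app's displayName carries a suffix
    return f"{GRAPH}/{tenant}/applications?api-version=1.6&$filter=startswith(displayName,'b2c-extensions-app')"

def extension_properties_url(tenant, object_id):
    return f"{GRAPH}/{tenant}/applications/{object_id}/extensionProperties?api-version=1.6"

def extensions_app_object_id(applications_json):
    """Return the objectId of the single b2c-extensions-app in the response."""
    apps = [a for a in json.loads(applications_json).get("value", [])
            if a.get("displayName", "").startswith("b2c-extensions-app")]
    if len(apps) != 1:
        raise LookupError(f"expected one b2c-extensions-app, found {len(apps)}")
    return apps[0]["objectId"]

def map_extension_properties(ext_json):
    """Map short attribute name -> full extension_<guid>_<name> property name."""
    mapping = {}
    for prop in json.loads(ext_json).get("value", []):
        m = EXT_NAME.match(prop.get("name", ""))
        if m:
            mapping[m.group(2)] = prop["name"]
    return mapping

def select_clause(base_fields, mapping, wanted):
    """Build a $select string; fail loudly instead of silently dropping attributes."""
    missing = [w for w in wanted if w not in mapping]
    if missing:
        # Per the first answer, an attribute only exists once a policy has used it
        raise KeyError(f"not created yet or misspelled: {missing}")
    return ",".join(list(base_fields) + [mapping[w] for w in wanted])

# Constructed sample responses (object IDs and display-name suffix are made up)
SAMPLE_APPS = json.dumps({"value": [
    {"objectId": "00000000-0000-0000-0000-000000000001", "displayName": "MyWebApp"},
    {"objectId": "00000000-0000-0000-0000-000000000002",
     "displayName": "b2c-extensions-app (constructed suffix)"}]})
SAMPLE_EXT = json.dumps({"value": [
    {"name": "extension_10ecdccd92c446829a399e68ed758978_MyCustomAttribute"}]})
EMPTY_EXT = json.dumps({"value": []})  # the response shown in the question
```

An empty mapping from the extensions app itself points at the limitation quoted in the first answer rather than at a wrong object ID.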