Azure B2C:图表 API 并不总是 return 用户
Azure B2C: Graph API doesn't always return user
当查询 Azure B2C Graph API 以检索特定用户时,我注意到有时不会返回任何结果,但会从 Graph API 返回 HTTP 200 代码服务器。每次我们需要调用 Graph API 时,我们的服务器都会创建一个 Graph API 令牌(将来会处理,但这可能就是我遇到以下问题的原因)。
大多数这些问题都发生在我们的集成测试期间,这些测试写在 Python。
首先,我们在 Azure B2C 中创建用户:
Inserting test user with data: {
"accountEnabled":true,
"displayName":"Patricia Robles",
"mailNickname":"PatriciaRobles",
"extension_<id>_organizationId":"b5468371-54e7-41d3-8dc4-904779417ce2",
"extension_<id>_organizationName":"My Organization",
"extension_<id>_username":"PatriciaRobles",
"givenName":"Patricia",
"surname":"Robles",
"userPrincipalName":"PatriciaRobles@testb2c.onmicrosoft.com",
"passwordProfile":{
"password":"He#02021"
}
}
Created in Graph API: {
"@odata.context":"https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"id":"5e2ae56c-4493-451f-be26-de51e05475c5",
"businessPhones":[
],
"displayName":"Patricia Robles",
"givenName":"Patricia",
"jobTitle":"None",
"mail":"None",
"mobilePhone":"None",
"officeLocation":"None",
"preferredLanguage":"None",
"surname":"Robles",
"userPrincipalName":"PatriciaRobles@testb2c.onmicrosoft.com"
}
所以看起来它实际上是在 Azure B2C 中创建了用户。请注意,我实际上更改了实际运行时的值以防止泄露敏感数据。
现在,作为测试期间的完整性检查,我想查询组织中的所有用户:
https://graph.microsoft.com/v1.0/users?$select=identities,givenName,id,surname&$filter=extension_<id>_organizationId eq 'b5468371-54e7-41d3-8dc4-904779417ce2'
Returned for Graph API: {'@odata.context': 'https://graph.microsoft.com/v1.0/$metadata#users(identities,givenName,id,surname)', "value":[
{
"givenName":"Patricia",
"id":"5e2ae56c-4493-451f-be26-de51e05475c5",
"surname":"Robles",
"identities":[
{
"signInType":"userPrincipalName",
"issuer":"testb2c.onmicrosoft.com",
"issuerAssignedId":"PatriciaRobles@testb2c.onmicrosoft.com"
}
]
},
{
"givenName":"Ruby",
"id":"a7b2d2fe-3176-49bc-9775-691195ed9002",
"surname":"Woodard",
"identities":[
{
"signInType":"userPrincipalName",
"issuer":"testb2c.onmicrosoft.com",
"issuerAssignedId":"RubyWoodard@testb2c.onmicrosoft.com"
}
]
},
{
"givenName":"Helen",
"id":"d97201c8-e561-4b83-aa75-441ccc069a18",
"surname":"Charles",
"identities":[
{
"signInType":"userPrincipalName",
"issuer":"testb2c.onmicrosoft.com",
"issuerAssignedId":"HelenCharles@testb2c.onmicrosoft.com"
}
]
}
]
}
Azure B2C 中确实存在该用户。所以我们绝对应该能够查询该个人用户,对吗?
嗯,不完全是:
https://graph.microsoft.com/v1.0/users?$select=identities,givenName,id,surname&$filter=extension_5d0e560b4ba9481d97b55226dd4c411a_organizationId eq 'b5468371-54e7-41d3-8dc4-904779417ce2' and id eq '5e2ae56c-4493-451f-be26-de51e05475c5'
Returned for Graph API: {'@odata.context': 'https://graph.microsoft.com/v1.0/$metadata#users(identities,givenName,id,surname)', 'value': []}
Retrieved from Graph API: {}
所以现在,没有用户通过 Graph API 从 Azure B2C 返回。
为什么会这样?
这是一项全球分布式服务,您正在访问用户尚未复制到的不同 DC。用户出现在该地区的所有 DC 可能需要几秒钟。
这是预期的行为,您必须在设计解决方案时考虑到这一点。您可以使用重试逻辑,但最好不要在 POST/PATCH 操作之后执行 GET。
理想情况下,您可以通过没有此问题的 AAD B2C 策略来安排注册。
当查询 Azure B2C Graph API 以检索特定用户时,我注意到有时不会返回任何结果,但会从 Graph API 返回 HTTP 200 代码服务器。每次我们需要调用 Graph API 时,我们的服务器都会创建一个 Graph API 令牌(将来会处理,但这可能就是我遇到以下问题的原因)。
大多数这些问题都发生在我们的集成测试期间,这些测试写在 Python。
首先,我们在 Azure B2C 中创建用户:
Inserting test user with data: {
"accountEnabled":true,
"displayName":"Patricia Robles",
"mailNickname":"PatriciaRobles",
"extension_<id>_organizationId":"b5468371-54e7-41d3-8dc4-904779417ce2",
"extension_<id>_organizationName":"My Organization",
"extension_<id>_username":"PatriciaRobles",
"givenName":"Patricia",
"surname":"Robles",
"userPrincipalName":"PatriciaRobles@testb2c.onmicrosoft.com",
"passwordProfile":{
"password":"He#02021"
}
}
Created in Graph API: {
"@odata.context":"https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"id":"5e2ae56c-4493-451f-be26-de51e05475c5",
"businessPhones":[
],
"displayName":"Patricia Robles",
"givenName":"Patricia",
"jobTitle":"None",
"mail":"None",
"mobilePhone":"None",
"officeLocation":"None",
"preferredLanguage":"None",
"surname":"Robles",
"userPrincipalName":"PatriciaRobles@testb2c.onmicrosoft.com"
}
所以看起来它实际上是在 Azure B2C 中创建了用户。请注意,我实际上更改了实际运行时的值以防止泄露敏感数据。
现在,作为测试期间的完整性检查,我想查询组织中的所有用户:
https://graph.microsoft.com/v1.0/users?$select=identities,givenName,id,surname&$filter=extension_<id>_organizationId eq 'b5468371-54e7-41d3-8dc4-904779417ce2'
Returned for Graph API: {'@odata.context': 'https://graph.microsoft.com/v1.0/$metadata#users(identities,givenName,id,surname)', "value":[
{
"givenName":"Patricia",
"id":"5e2ae56c-4493-451f-be26-de51e05475c5",
"surname":"Robles",
"identities":[
{
"signInType":"userPrincipalName",
"issuer":"testb2c.onmicrosoft.com",
"issuerAssignedId":"PatriciaRobles@testb2c.onmicrosoft.com"
}
]
},
{
"givenName":"Ruby",
"id":"a7b2d2fe-3176-49bc-9775-691195ed9002",
"surname":"Woodard",
"identities":[
{
"signInType":"userPrincipalName",
"issuer":"testb2c.onmicrosoft.com",
"issuerAssignedId":"RubyWoodard@testb2c.onmicrosoft.com"
}
]
},
{
"givenName":"Helen",
"id":"d97201c8-e561-4b83-aa75-441ccc069a18",
"surname":"Charles",
"identities":[
{
"signInType":"userPrincipalName",
"issuer":"testb2c.onmicrosoft.com",
"issuerAssignedId":"HelenCharles@testb2c.onmicrosoft.com"
}
]
}
]
}
Azure B2C 中确实存在该用户。所以我们绝对应该能够查询该个人用户,对吗?
嗯,不完全是:
https://graph.microsoft.com/v1.0/users?$select=identities,givenName,id,surname&$filter=extension_5d0e560b4ba9481d97b55226dd4c411a_organizationId eq 'b5468371-54e7-41d3-8dc4-904779417ce2' and id eq '5e2ae56c-4493-451f-be26-de51e05475c5'
Returned for Graph API: {'@odata.context': 'https://graph.microsoft.com/v1.0/$metadata#users(identities,givenName,id,surname)', 'value': []}
Retrieved from Graph API: {}
所以现在,没有用户通过 Graph API 从 Azure B2C 返回。
为什么会这样?
这是一项全球分布式服务,您正在访问用户尚未复制到的不同 DC。用户出现在该地区的所有 DC 可能需要几秒钟。
这是预期的行为,您必须在设计解决方案时考虑到这一点。您可以使用重试逻辑,但最好不要在 POST/PATCH 操作之后执行 GET。
理想情况下,您可以通过没有此问题的 AAD B2C 策略来安排注册。