图 API 无法按用于登录的 phone 号码筛选 Azure AD B2B 用户
Graph API cannot filter Azure AD B2B users by the phone number used to sign in
我无法通过用于使用 Microsoft Graph API 登录的 phone 号码在 Azure AD B2C 中找到用户。根据to the documentation,只要我在过滤器中提供issuer
和issuerAssignedId
,我应该能够通过他们的身份查询用户,但我总是收到一个空结果集。
我试过:
- 改为通过电子邮件地址身份进行查询。这样就成功了。
- 首次使用 phone 号码登录,以防需要进行某种初始化。用户仍未返回。
- 通过用户属性查询
mobilePhone
。 Querying by mobilePhone requires setting ConsistencyLevel=eventual, and ConsistencyLevel=eventual is not supported in Azure AD B2C.
下面是成功创建测试用户的请求,随后是尝试通过电子邮件地址或 phone 号码找到该用户的请求。
变量{{B2C_TENANT}}
是完整的租户域:example.onmicrosoft.com
。
创建用户
首先,我创建用户并为其提供两个登录身份:一个带有电子邮件地址,一个带有 phone 号码。
要求:
POST /v1.0/users HTTP/1.1
Host: graph.microsoft.com
Content-Type: application/json
{
"accountEnabled": true,
"displayName": "Stephen",
"passwordPolicies": "DisablePasswordExpiration",
"passwordProfile": {
"password": "asdkljfdklsj2340982304#$#$",
"forceChangePasswordNextSignIn": false
},
"identities": [
{
"signInType": "emailAddress",
"issuer": "{{B2C_TENANT}}",
"issuerAssignedId": "stephen@example.com"
},
{
"signInType": "phoneNumber",
"issuer": "{{B2C_TENANT}}",
"issuerAssignedId": "+13105551234"
}
]
}
通过phone
查找用户
此请求总是 returns 一个空结果集,就好像不存在具有给定 phone 号码的用户。
要求:
GET /v1.0/users/?$filter=identities/any(id:id/issuer eq '{{B2C_TENANT}}' and id/issuerAssignedId eq '+13105551234') HTTP/1.1
Host: graph.microsoft.com
回复:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
"value": []
}
通过电子邮件查找用户
此请求 returns 用户。如果我 select identities
,我可以看到它包含 phone 数字登录我试图在上一个请求中查询。
要求:
GET /v1.0/users/?$filter=identities/any(ident:ident/issuer eq '{{B2C_TENANT}}' and ident/issuerAssignedId eq 'stephen@example.com')&$select=id,userPrincipalName,displayName,identities HTTP/1.1
Host: graph.microsoft.com
回复:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(id,userPrincipalName,displayName,identities)",
"value": [
{
"id": "2de83c94-e734-470b-8ca2-c3279c364164",
"userPrincipalName": "2de83c94-e734-470b-8ca2-c3279c364164@{{B2C_TENANT}}",
"displayName": "Stephen",
"identities": [
{
"signInType": "phoneNumber",
"issuer": "{{B2C_TENANT}}",
"issuerAssignedId": "+13105551234"
},
{
"signInType": "emailAddress",
"issuer": "{{B2C_TENANT}}",
"issuerAssignedId": "stephen@example.com"
},
{
"signInType": "userPrincipalName",
"issuer": "{{B2C_TENANT}}",
"issuerAssignedId": "2de83c94-e734-470b-8ca2-c3279c364164@{{B2C_TENANT}}"
}
]
}
]
}
URL 编码 phone 数字。 %2B13105551234
,然后就可以了。
我无法通过用于使用 Microsoft Graph API 登录的 phone 号码在 Azure AD B2C 中找到用户。根据to the documentation,只要我在过滤器中提供issuer
和issuerAssignedId
,我应该能够通过他们的身份查询用户,但我总是收到一个空结果集。
我试过:
- 改为通过电子邮件地址身份进行查询。这样就成功了。
- 首次使用 phone 号码登录,以防需要进行某种初始化。用户仍未返回。
- 通过用户属性查询
mobilePhone
。 Querying by mobilePhone requires setting ConsistencyLevel=eventual, and ConsistencyLevel=eventual is not supported in Azure AD B2C.
下面是成功创建测试用户的请求,随后是尝试通过电子邮件地址或 phone 号码找到该用户的请求。
变量{{B2C_TENANT}}
是完整的租户域:example.onmicrosoft.com
。
创建用户
首先,我创建用户并为其提供两个登录身份:一个带有电子邮件地址,一个带有 phone 号码。
要求:
POST /v1.0/users HTTP/1.1
Host: graph.microsoft.com
Content-Type: application/json
{
"accountEnabled": true,
"displayName": "Stephen",
"passwordPolicies": "DisablePasswordExpiration",
"passwordProfile": {
"password": "asdkljfdklsj2340982304#$#$",
"forceChangePasswordNextSignIn": false
},
"identities": [
{
"signInType": "emailAddress",
"issuer": "{{B2C_TENANT}}",
"issuerAssignedId": "stephen@example.com"
},
{
"signInType": "phoneNumber",
"issuer": "{{B2C_TENANT}}",
"issuerAssignedId": "+13105551234"
}
]
}
通过phone
查找用户此请求总是 returns 一个空结果集,就好像不存在具有给定 phone 号码的用户。
要求:
GET /v1.0/users/?$filter=identities/any(id:id/issuer eq '{{B2C_TENANT}}' and id/issuerAssignedId eq '+13105551234') HTTP/1.1
Host: graph.microsoft.com
回复:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
"value": []
}
通过电子邮件查找用户
此请求 returns 用户。如果我 select identities
,我可以看到它包含 phone 数字登录我试图在上一个请求中查询。
要求:
GET /v1.0/users/?$filter=identities/any(ident:ident/issuer eq '{{B2C_TENANT}}' and ident/issuerAssignedId eq 'stephen@example.com')&$select=id,userPrincipalName,displayName,identities HTTP/1.1
Host: graph.microsoft.com
回复:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(id,userPrincipalName,displayName,identities)",
"value": [
{
"id": "2de83c94-e734-470b-8ca2-c3279c364164",
"userPrincipalName": "2de83c94-e734-470b-8ca2-c3279c364164@{{B2C_TENANT}}",
"displayName": "Stephen",
"identities": [
{
"signInType": "phoneNumber",
"issuer": "{{B2C_TENANT}}",
"issuerAssignedId": "+13105551234"
},
{
"signInType": "emailAddress",
"issuer": "{{B2C_TENANT}}",
"issuerAssignedId": "stephen@example.com"
},
{
"signInType": "userPrincipalName",
"issuer": "{{B2C_TENANT}}",
"issuerAssignedId": "2de83c94-e734-470b-8ca2-c3279c364164@{{B2C_TENANT}}"
}
]
}
]
}
URL 编码 phone 数字。 %2B13105551234
,然后就可以了。