azure - Graph API 无法按用于登录的电话号码筛选 Azure AD B2B 用户

Question

我无法通过用于使用 Microsoft Graph API 登录的电话号码在 Azure AD B2C 中找到用户。根据to the documentation ，只要我在过滤器中提供 issuer 和 issuerAssignedId，我就应该能够通过用户的身份查询用户，但我总是收到一个空的结果集。

我已经尝试过:

• 改为通过电子邮件地址身份查询。这样就成功了。
• 首次使用电话号码登录，以防需要进行某种初始化。用户仍未返回。
• 通过用户属性mobilePhone查询。 Querying by mobilePhone requires setting ConsistencyLevel=eventual ，和ConsistencyLevel=eventual is not supported in Azure AD B2C .

下面是成功创建测试用户的请求，后面是尝试通过电子邮件地址或电话号码查找该用户的请求。

变量 {{B2C_TENANT}} 是完整的租户域:example.onmicrosoft.com。

创建用户

首先，我创建用户并为其提供两个登录身份:一个使用电子邮件地址，一个使用电话号码。

请求:

POST /v1.0/users HTTP/1.1
Host: graph.microsoft.com
Content-Type: application/json

{
    "accountEnabled": true,
    "displayName": "Stephen",
    "passwordPolicies": "DisablePasswordExpiration",
    "passwordProfile": {
        "password": "asdkljfdklsj2340982304#$#$",
        "forceChangePasswordNextSignIn": false
    },
    "identities": [
        {
          "signInType": "emailAddress",
          "issuer": "{{B2C_TENANT}}",
          "issuerAssignedId": "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="98ebecfde8f0fdf6d8fde0f9f5e8f4fdb6fbf7f5" rel="noreferrer noopener nofollow">[email protected]</a>"
        },
        {
            "signInType": "phoneNumber",
            "issuer": "{{B2C_TENANT}}",
            "issuerAssignedId": "+13105551234"
        }
    ]
}

通过手机查找用户

此请求始终返回空结果集，就好像不存在具有给定电话号码的用户一样。

请求:

GET /v1.0/users/?$filter=identities/any(id:id/issuer eq '{{B2C_TENANT}}' and id/issuerAssignedId eq '+13105551234') HTTP/1.1
Host: graph.microsoft.com

回应:

{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
  "value": []
}

通过电子邮件查找用户

此请求返回用户。如果我选择身份，我可以看到它包含我在上一个请求中尝试查询的电话号码登录。

请求:

GET /v1.0/users/?$filter=identities/any(ident:ident/issuer eq '{{B2C_TENANT}}' and ident/issuerAssignedId eq '<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="82f1f6e7f2eae7ecc2e7fae3eff2eee7ace1edef" rel="noreferrer noopener nofollow">[email protected]</a>')&$select=id,userPrincipalName,displayName,identities HTTP/1.1
Host: graph.microsoft.com

回应:

{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(id,userPrincipalName,displayName,identities)",
  "value": [
    {
      "id": "2de83c94-e734-470b-8ca2-c3279c364164",
      "userPrincipalName": "2de83c94-e734-470b-8ca2-c3279c364164@{{B2C_TENANT}}",
      "displayName": "Stephen",
      "identities": [
        {
          "signInType": "phoneNumber",
          "issuer": "{{B2C_TENANT}}",
          "issuerAssignedId": "+13105551234"
        },
        {
          "signInType": "emailAddress",
          "issuer": "{{B2C_TENANT}}",
          "issuerAssignedId": "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="7c0f08190c1419123c19041d110c1019521f1311" rel="noreferrer noopener nofollow">[email protected]</a>"
        },
        {
          "signInType": "userPrincipalName",
          "issuer": "{{B2C_TENANT}}",
          "issuerAssignedId": "2de83c94-e734-470b-8ca2-c3279c364164@{{B2C_TENANT}}"
        }
      ]
    }
  ]
}

Answer 1

对电话号码进行 URL 编码。 %2B13105551234，然后就可以了。