我无法通过用于使用 Microsoft Graph API 登录的电话号码在 Azure AD B2C 中找到用户。根据to the documentation ,只要我在过滤器中提供 issuer
和 issuerAssignedId
,我就应该能够通过用户的身份查询用户,但我总是收到一个空的结果集。
我已经尝试过:
- 改为通过电子邮件地址身份查询。这样就成功了。
- 首次使用电话号码登录,以防需要进行某种初始化。用户仍未返回。
- 通过用户属性
mobilePhone
查询。 Querying by mobilePhone requires setting ConsistencyLevel=eventual ,和ConsistencyLevel=eventual is not supported in Azure AD B2C .
下面是成功创建测试用户的请求,后面是尝试通过电子邮件地址或电话号码查找该用户的请求。
变量 {{B2C_TENANT}}
是完整的租户域:example.onmicrosoft.com
。
创建用户
首先,我创建用户并为其提供两个登录身份:一个使用电子邮件地址,一个使用电话号码。
请求:
POST /v1.0/users HTTP/1.1
Host: graph.microsoft.com
Content-Type: application/json
{
"accountEnabled": true,
"displayName": "Stephen",
"passwordPolicies": "DisablePasswordExpiration",
"passwordProfile": {
"password": "asdkljfdklsj2340982304#$#$",
"forceChangePasswordNextSignIn": false
},
"identities": [
{
"signInType": "emailAddress",
"issuer": "{{B2C_TENANT}}",
"issuerAssignedId": "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="98ebecfde8f0fdf6d8fde0f9f5e8f4fdb6fbf7f5" rel="noreferrer noopener nofollow">[email protected]</a>"
},
{
"signInType": "phoneNumber",
"issuer": "{{B2C_TENANT}}",
"issuerAssignedId": "+13105551234"
}
]
}
通过手机查找用户
此请求始终返回空结果集,就好像不存在具有给定电话号码的用户一样。
请求:
GET /v1.0/users/?$filter=identities/any(id:id/issuer eq '{{B2C_TENANT}}' and id/issuerAssignedId eq '+13105551234') HTTP/1.1
Host: graph.microsoft.com
回应:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
"value": []
}
通过电子邮件查找用户
此请求返回用户。如果我选择身份
,我可以看到它包含我在上一个请求中尝试查询的电话号码登录。
请求:
GET /v1.0/users/?$filter=identities/any(ident:ident/issuer eq '{{B2C_TENANT}}' and ident/issuerAssignedId eq '<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="82f1f6e7f2eae7ecc2e7fae3eff2eee7ace1edef" rel="noreferrer noopener nofollow">[email protected]</a>')&$select=id,userPrincipalName,displayName,identities HTTP/1.1
Host: graph.microsoft.com
回应:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(id,userPrincipalName,displayName,identities)",
"value": [
{
"id": "2de83c94-e734-470b-8ca2-c3279c364164",
"userPrincipalName": "2de83c94-e734-470b-8ca2-c3279c364164@{{B2C_TENANT}}",
"displayName": "Stephen",
"identities": [
{
"signInType": "phoneNumber",
"issuer": "{{B2C_TENANT}}",
"issuerAssignedId": "+13105551234"
},
{
"signInType": "emailAddress",
"issuer": "{{B2C_TENANT}}",
"issuerAssignedId": "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="7c0f08190c1419123c19041d110c1019521f1311" rel="noreferrer noopener nofollow">[email protected]</a>"
},
{
"signInType": "userPrincipalName",
"issuer": "{{B2C_TENANT}}",
"issuerAssignedId": "2de83c94-e734-470b-8ca2-c3279c364164@{{B2C_TENANT}}"
}
]
}
]
}
最佳答案
对电话号码进行 URL 编码。 %2B13105551234
,然后就可以了。
关于azure - Graph API 无法按用于登录的电话号码筛选 Azure AD B2B 用户,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/71084662/