The sample here is not working and is missing the Azure Function. Any remarks on that? https://github.com/azure-ad-b2c/samples/tree/master/policies/selectemail
You need to build the REST API yourself.
The interface of the REST API is in the readme.
The REST API needs to respond with a JSON Array:
{
    "emails": [
        "email1#contoso.com",
        "email2#contoso.com",
        "email3#notrealemail.com"
    ]
}
To augment the sample, you would add an inputClaim to the Get-Emails technical profile to send an identifier in JSON to your REST API. Then your REST API can respond with an appropriate response in the format above.
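One way to build the REST API described in this answer, as an added example that is not part of the samples repository or the original answer: a request handler that takes the identifier sent by the Get-Emails technical profile, validates it, and returns the emails JSON. The objectId claim name, the in-memory lookup table and the function names are assumptions made for illustration.

```python
import json
import re

# Constructed sample store: objectId -> addresses the user may choose from.
EMAILS_BY_OBJECT_ID = {
    "11111111-2222-3333-4444-555555555555": [
        "email1@contoso.com",
        "email2@contoso.com",
    ],
}

GUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")


def b2c_error(message):
    # Validation-error shape Azure AD B2C reads from a REST technical
    # profile: HTTP 409 with version, status and userMessage.
    body = {"version": "1.0.0", "status": 409, "userMessage": message}
    return 409, json.dumps(body)


def handle_get_emails(raw_body):
    """Return (http_status, json_body) for one call from the policy."""
    try:
        claims = json.loads(raw_body)
    except (ValueError, TypeError):
        return b2c_error("Request body is not valid JSON.")
    # Assumed input claim name: objectId.
    object_id = claims.get("objectId") if isinstance(claims, dict) else None
    # Accept only a well-formed GUID so nothing else reaches the lookup.
    if not isinstance(object_id, str) or not GUID_RE.fullmatch(object_id.lower()):
        return b2c_error("Missing or malformed objectId.")
    emails = EMAILS_BY_OBJECT_ID.get(object_id.lower())
    if not emails:
        return b2c_error("No email addresses found for this account.")
    # Response format from the answer above: {"emails": [...]}
    return 200, json.dumps({"emails": emails})


if __name__ == "__main__":
    sample = '{"objectId": "11111111-2222-3333-4444-555555555555"}'
    print(handle_get_emails(sample))
```

The handler is independent of the hosting framework; in an Azure Function it would be called with the request body and its return values mapped to the HTTP response.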
I'm able to pass attributes through my API connector to my API just fine when a user signs up through the standard Signin/up user flow. I have a value 'loyaltyId' that I've added as a custom claim in the Azure B2C portal. In my API, I return the 'loyaltyId' that I create in my API.
In my return from my C# API I have
var result = new
{
    version = "1.0.0",
    action = "Continue",
    extension_<my b2c extension app key>_loyaltyId = loyaltyNumber,
};
return Request.CreateResponse(HttpStatusCode.OK, result, Configuration.Formatters.JsonFormatter);
But when it returns, it's not showing my returned 'loyaltyId' in the JWT token. It does show all the other attributes in my claims list that are selected, except the 'loyaltyId'.
"emails": [
"xxxxx#somewhere.com"
],
"newUser": true,
"given_name": "TestFirstName",
"family_name": "TestLastName",
"extension_mobilePhone": "xxxxxxxxxx",
"tfp": "B2C_1_SignUpIn"
}.[Signature]
Any suggestions on what I'm doing wrong?
Thanks!
API connectors in user flows don’t allow token augmentation yet. They can be used to send data you collected from the sign up page to be validated/approved by your API only.
You can use custom policies to achieve your goal here.
Is there a way to do Rest API calls during Sign In in Azure AD B2C policy?
I want to add a few properties to the claims at the time when the user signs in to the application. I can see that it is possible during sign-up:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-rest-api-step-custom
But is it possible during sign-in as well?
If you are using custom policy, it's very similar to Sign-up. You create the technical profile for your REST endpoint and use it either as a ValidationTechnicalProfile in your 'sign-in' technical profile or add it as an orchestration step - depends what you want to do.
Any particular problem you are facing while adding this in your sign-in journey?
I don't have any issue while adding it to the sign-in journey.
I can call the REST API successfully and can receive the other input values, except the password value.
Below is the output result from my function app:
GetExternalSystemIdOnLogin got request body:
{
"email": "xxxx#test.com",
"objectId": "dec23a2c-64c3-49c4-9943-4cfe0cffa0ed"
}
Could someone provide the REST API URL for finding the tfid for an Azure DevOps AD group?
I am trying to restrict branch permissions for certain AD groups:
"https://dev.azure.com/{organization}/{}/_api/_security/DisplayPermissions?__v=5&tfid={}&permissionSetId={}&permissionSetToken=repoV2%2F{}%2F{}%2Frefs%5Eheads%5E{}%2F".format(projectID, contributorTfid, nameToken, projectID, repoID, permbranchList[k])
Only the contributor tfid here is unknown to me.
Using this REST API endpoint, I have to obtain the permission token.
Later, using the permission token and the JSON
branchPermissionbody = {
    "token": "{}".format(permissionToken),
    "merge": True,
    "accessControlEntries": [
        {
            "descriptor": "Microsoft.TeamFoundation.Identity;{}".format(descriptorIdentifier),
            "deny": 4,
            "extendedinfo": {}
        }
    ]
}
I am making a POST request to post the restriction on the branches.
There are two ways to get the TeamFoundationId.
You can use below REST API to get the groups in your organization.
https://vssps.dev.azure.com/{orgname}/_apis/graph/groups?api-version=5.1-preview.1
Then use Ctrl + F to search for the groups in the given project. The originid is the TeamFoundationId. For more details about this REST API, you can refer to https://learn.microsoft.com/zh-cn/rest/api/azure/devops/graph/groups?view=azure-devops-rest-5.1.
You can also use F12 to capture the TeamFoundationId manually. Go to Project settings -> Repositories, then press F12 to open the Network console. Clear the sessions, then change the group permission. You can get the TeamFoundationId from the request body or response body.
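The Ctrl + F step above can be replaced by an exact match on the group's full principal name, so that a deny entry is never aimed at a similarly named group in another project. This is an added example, not code from the original answer; the sample response is constructed and trimmed to the fields used, and the function name is an assumption.

```python
import json
import uuid

# Constructed sample of a graph/groups response, trimmed to the fields used.
SAMPLE_GROUPS_RESPONSE = json.dumps({
    "count": 3,
    "value": [
        {"displayName": "Contributors",
         "principalName": "[ProjectA]\\Contributors",
         "originId": "aaaaaaaa-0000-4000-8000-000000000001"},
        {"displayName": "Contributors",
         "principalName": "[ProjectB]\\Contributors",
         "originId": "aaaaaaaa-0000-4000-8000-000000000002"},
        {"displayName": "Release Contributors",
         "principalName": "[ProjectA]\\Release Contributors",
         "originId": "aaaaaaaa-0000-4000-8000-000000000003"},
    ],
})


def find_team_foundation_id(groups_json, project, group):
    """Return the originId of the one group named [project]\\group."""
    wanted = "[{}]\\{}".format(project, group).casefold()
    matches = [
        entry for entry in json.loads(groups_json).get("value", [])
        if entry.get("principalName", "").casefold() == wanted
    ]
    # A text search for "Contributors" hits all three sample entries; a
    # deny entry must target exactly one group, so anything else is an error.
    if len(matches) != 1:
        raise LookupError("{} groups match {!r}".format(len(matches), wanted))
    # Reject anything that is not a GUID before it is placed in a URL.
    return str(uuid.UUID(matches[0]["originId"]))


if __name__ == "__main__":
    print(find_team_foundation_id(SAMPLE_GROUPS_RESPONSE, "ProjectA", "Contributors"))
```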
I have seen multiple examples of how to use Azure API manager with PowerShell to retrieve the password for SCM, but I am unable to find any example that does it without PowerShell, i.e. something executed on a shell command line. I am also looking for an example of saving and deploying my API.
You can always inspect any Azure service API in action by doing what you need in the Azure portal and seeing what requests get sent. Correlating them with the documentation helps. So to get an access token for the SCM endpoint in APIM you need the following:
With any Azure credentials, make a GET call to https://management.azure.com/subscriptions/.../resourceGroups/.../providers/Microsoft.ApiManagement/service/.../tenant/access/git?api-version=2018-01-01
In response you will get a payload similar to:
{
"id": "XXX",
...
}
Take "id" from that payload and make a POST call to https://management.azure.com/subscriptions/.../resourceGroups/.../providers/Microsoft.ApiManagement/service/.../users/XXX/token?api-version=2018-01-01
You will get your token:
{
"value":"..."
}
This is with the REST API and the GitHub C# client. I create an envelope and send it off using the CreateEnvelope call. I see the deserialize calls JsonConvert.DeserializeObject on the content using the EnvelopeSummary model and it works as expected. Can EnvelopeSummary return what it does now, but also custom fields if I supplied them? I can make an additional call with the envelopeid to get this info. I would like to avoid that.
You will have to make a separate API call (listCustomFields) to retrieve the envelope custom fields.
As per the API documentation, CreateEnvelope returns the envelopeSummary object, which contains the following four properties:
envelopeId
status
statusDateTime
uri
Here is a sample response.
{
    "envelopeId": "91d26c0d-2e5f-40d9-bf5e-de19539d5ebf",
    "uri": "/envelopes/91d26c0d-2e5f-40d9-bf5e-de19539d5ebf",
    "statusDateTime": "2017-01-24T18:33:06.8230000Z",
    "status": "sent"
}
Use the Connect publishing service. Implement a "Connect Listener" (a Web application) and register to receive push envelope status messages, which include the envelope custom fields.
Using Connect is considered a "best practice" and does not use any API calls (does not impact your quota, does not require an API Certification). Go to the DocuSign Dev Center and look for info on Connect or "Webhooks".