We are using the Graph API in C# to read data from AD about users setup in B2C.
We have a number of extension attributes setup in the b2c environment, and we want to be able to read the values of these attributes for users in our C# application.
We can make a successful request to get details on the user using:
graphServiceClient.Users[userId].Request().Select("id,displayName").GetAsync();
Which returns the details on the attributes specified.
However, we can't find an option for getting the extension attribute values back with this request. We have included the name of the attribute using the guid of the application storing the attributes, but the attributes are not returned.
We have also tried the following request, which returns the response of "Extension with given id not found":
var extensionDetails = graphServiceClient.Users[userId].Extensions["extension_{guidWithDashesRemoved}_{attributeName}"].Request().GetAsync();
We are able to do this successfully in Postman with the following get request:
https://graph.microsoft.com/v1.0/users?$select=id,displayName,givenName,postalCode,extension_{guidWithDashesRemoved}_{attributeName}
Has anyone been able to get the extension attribute values back?
The first code is correct. You need to add the extension property into the select query parameter.
var user = await graphServiceClient.Users[userId]
.Request()
.Select("id,extension_{guidWithDashesRemoved}_{attributeName},displayName")
.GetAsync();
Related
I'm trying to call multiple attributes via the graph api including the authentication email methods.
However when i try to select the authentication attribute, i always receive a null value.
Calling it directly works fine, however that way i need to call the graph api a second time to get all other attributes.
My Call looks something like this.
await _graphClient.Users[userId].Request()
.Select($"displayName,authentication,otherMails,identities).GetAsync();
This way the authentication attributes just shows a null value,
even though the UserAuthenticationMethod.ReadWrite.All is set for the api
Using this works just fine
await _graphClient.Users[userId].Authentication
.EmailMethods["3ddfcfc8-9383-446f-83cc-3ab9be4be18f"].Request().GetAsync();
however my goal would be to get it in one fell swoop, without the need for a second call.
authentication is not a property but a relationship, so you can't specify authentication in .Select(...).
Relationships can be specified in .Expand(...) like
await _graphClient.Users[userId].Request()
.Select($"displayName,otherMails,identities")
.Expand("authentication").GetAsync();
But according to the documentation authentication doesn't support $expand and the endpoint GET /users/{user_id} supports only $select.
So it's not possible to achieve your goal by one call
I'm developing an .NET Web API and using JWT tokens to secure it. In my research of the best way to implement it, i decided to use the jwt claims to also limit the access to content, depending on specific claims present on the token. I can now manually verify if for example, a userId matches with the userId of a record's userId and return it if it's a match, but this is very tedious and not quickly adds up the amount of code just to do the same task...
Is there a way to implement something like an action filter to apply the claims to every request and return only the records that match the information in the token?
Thanks everyone in advance
See this implementation on this project.
https://github.com/cuongle/WebApi.Jwt/blob/master/WebApi.Jwt/Filters/JwtAuthenticationAttribute.cs
It's a simple scenario.
JWT contains a user's id or some claims.
You have a WEB API endpoint like ("GetCurrentUserData()") decorated with your custom ActionFilterAttribute.
Within that method you will call a helper function that will read the current request user claims and return them in a simple form (like user id).
See: Get claims from a WebAPI Controller - JWT Token,
Then within the method you can query/filter your returned data based on the Id/Claims of the current user of the request.
I have added a new custom attribute and selected it in the Application claims
of the signup-signin userflow.
So I created a new user and set a value for this custom attribute during the signup. When I sign in with the user, the attribute is persisted in the token claims so I can get the value from the token.
So now I need to get it using Graph SDK, I am trying to do so using the following code which is inspired from this Microsoft Docs
ClientCredentialProvider authProvider = new ClientCredentialProvider(confidentialClientApplication);
GraphServiceClient graphClient = new GraphServiceClient(authProvider);
var customAttribute = $"extension_clientIdWithoutDash_CustomAttributeName";
var result = await graphClient.Users["2d7f1b9d-b57c-4a1a-bf56-fa27a952bacf"]
.Request()
.Select(customAttribute)
.GetAsync();
var customAttributsAreHere = result.AdditionalData;
But when I check the response the custom attribute is not there. Default attributes are there if I include them in the select. Any clue what may be the reason?
This is the Client Id I am using when requesting the custom attribute as "extension_clientId_customattribute". (but without the hyphens)
You must use client id of the application created with your extensions (depends on how extension was created). Please refer this article:
Extension attributes can only be registered on an application object, even though they might contain data for a user. The extension attribute is attached to the application called b2c-extensions-app. Do not modify this application, as it's used by Azure AD B2C for storing user data. You can find this application under Azure AD B2C, app registrations.
You can find this application in Azure AD -> App Registration.
I am working on a project in which i need to create shortened url. I am using google url shortener. Is there any way to retrieve all the urls created using the google account or using the api key
You should use this.
GET https://www.googleapis.com/urlshortener/v1/url/history
In the headers, set Authorization header to Bearer <authtoken>
Make sure you have a valid OAuth Token. Retrieving the Shortened URL History List of a user requires an access token.
You could generate one here for testing it out
I'm working on an AWS project. We want to be able to issue STS temporary security credentials, with limited permissions, in order to access AWS services. We're working in .Net Core with C#.
We're using STS AssumeRoleAsync(), which is the .Net SDK's method for using the AWS AssumeRole action, to generate these credentials. The response from the call to AssumeRoleAsync() is an AssumeRoleResponse object, which is comprised in part of an AssumeRoleUser object and a Credentials object. One of the properties of AssumedRoleUser is AssumedRoleId, which is in the form of role-id:role-session-name.
We have a Lambda function which handles calling AssumeRoleAsync and returning the generated credentials in the form of a JSON object. That Lambda function is called via an API Gateway method.
All of this is working fine. The above was just to set the scene.
The next thing we want to be able to do is to use the STS temporary credentials to make other calls into AWS services. When that happens, we want be able to use GetCallerIdentity() to retrieve the AssumedRoleId for the person to whom the credentials were issued. In particular, the role-session-name is of interest to us.
So to try to accomplish this, I created another Lambda function behind another API Gateway method. I set this API Gateway method to use AWS_IAM authorization in its Method Request configuration. In its Integration Request, I configured it to Invoke with caller credentials. The Lambda function simply accepts the incoming request and calls GetCallerIdentity() and returns the result. I used the credentials returned from the previous AssumeRoleAsync() call in the request's authorization header.
Based on the information found in the docs for GetCallerIdentity and in the Principal Table to which that page refers, I expect to receive the following items in response from the GetCallerIdentity() call:
Account
Arn
UserId (this is the important bit for this discussion)
The UserId should be in the form of role-id:caller-specified-role-name, exactly the same form in which the AssumedRoleId from the call to AssumeRoleAsync was returned. That would allow me to get the caller-specified-role-name and do what we need to do with it.
But that isn't what is returned in the UserId property of the response from GetCallerIdentity().
Instead, all that the UserId property contains is the role-id — it completely omits the essential caller-specified-role-name.
Has anyone else seen this behavior? Am I overlooking something simple? Could this be a bug in the response from GetCallerIdentity?
I'm using the following Amazon SDK components and versions to make these various calls:
Amazon.Lambda.Core/1.0.0
Amazon.Lambda.Serialization.Json/1.1.0
AWSSDK.Core/3.3.14
AWSSDK.Lambda/3.3.6.2
AWSSDK.SecurityToken/3.3.1.9
Thanks for any help you can suggest!
Derek