Question
If I have a user in Azure AD B2C that was created based on an Azure AD (enterprise) identity (as described here: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-aad-custom), is there an attribute stored in AADB2C that will allow me to look up (using Graph API or similar) the user object in AAD? I see that among the AADB2C attributes there is userPrincipalName and issuerUserId but it's not obvious to me if either of these match any value stored in AAD.
Thanks!
Martin
Answer 1:
For an external account, the external issuer (i.e., Azure AD) and the external user identifier (i.e., the object identifier of the Azure AD user) are written to the "userIdentities" property of the user object in the Azure AD B2C directory, where the "issuerUserId" property contains the Base64-encoding of the external user identifier:
{
    "userIdentities": [
        {
            "issuer": "contoso.com",
            "issuerUserId": "Mjk2NzdlNTAtY2MwZS00MmU5LWJhNWMtZjFmMDdkZTUwMDhm"
        }
    ]
}
To find the user object by the external account, you can invoke the following Graph API operation, where the "x/issuerUserId" value is set to the hexadecimal-encoding of the external user identifier:
GET https://graph.windows.net/myorganization/users?$filter=userIdentities/any(x:x/issuer eq 'contoso.com' and x/issuerUserId eq X'32393637376535302d636330652d343265392d626135632d663166303764653530303866')
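The two encodings described in the answer above, as an added example that is not part of the original answer: it decodes a B2C "issuerUserId" back to the Azure AD object ID and builds the hex-encoded $filter for the reverse lookup. The function names are hypothetical, and the code assumes the identifier is stored as the lower-case GUID string, as in the answer's sample.

```python
import base64
import binascii
import uuid
from urllib.parse import quote

# Endpoint as shown in the answer; query-string extras are not covered here.
GRAPH_USERS = "https://graph.windows.net/myorganization/users"


def decode_issuer_user_id(issuer_user_id: str) -> str:
    """B2C side -> Azure AD side: Base64 issuerUserId to the AAD object ID."""
    try:
        raw = base64.b64decode(issuer_user_id, validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("issuerUserId is not Base64-encoded ASCII") from exc
    # Reject anything that is not a GUID before it is used in another query.
    return str(uuid.UUID(text))


def build_b2c_filter(issuer: str, aad_object_id: str) -> str:
    """Azure AD side -> B2C side: $filter matching the userIdentities entry."""
    # Assumption: B2C stored the canonical lower-case GUID string.
    object_id = str(uuid.UUID(aad_object_id))
    hex_id = object_id.encode("ascii").hex()   # body of the X'...' literal
    safe_issuer = issuer.replace("'", "''")    # OData string-literal escaping
    return (
        "userIdentities/any(x:x/issuer eq '%s' and x/issuerUserId eq X'%s')"
        % (safe_issuer, hex_id)
    )


def build_b2c_lookup_url(issuer: str, aad_object_id: str) -> str:
    """Percent-encode the filter so it can be sent as a query string."""
    flt = build_b2c_filter(issuer, aad_object_id)
    return GRAPH_USERS + "?$filter=" + quote(flt, safe="")


if __name__ == "__main__":
    sample = "Mjk2NzdlNTAtY2MwZS00MmU5LWJhNWMtZjFmMDdkZTUwMDhm"  # from the answer
    oid = decode_issuer_user_id(sample)
    print(oid)
    print(build_b2c_filter("contoso.com", oid))
```

Validating the decoded value as a GUID and doubling single quotes in the issuer keeps directory-supplied values from altering the filter expression.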
Source: https://stackoverflow.com/questions/48652275/look-up-user-in-aad-based-on-aadb2c-attribute-value