I am creating a Power App which is supposed to modify custom attributes on users on an Azure B2C tenant. However, the only way to update said users is by a Patch call referencing "https://graph.microsoft.com/v1.0/users/object-id" (which I am calling via a Power Automate flow). Since these are b2c users, their actual UPN does not match their email. I need to find a way to get this object ID beforehand so I can pass the appropriate patch call. Any tips? Thanks!
I tried using an Azure AD connector in Power Automate flow using the email of the user, but that is not their actual upn.
https://graph.microsoft.com/v1.0/users?$filter=displayName eq 'USER DISPLAY NAME'&$select=id
will return user id
Related
Using the Microsoft Graph API v 1.0, how can I retrieve the user's MFA details?
For example, if I have an email based sign-in/sign-up policy with phone/SMS MFA, how can I see the phone number entered by the user? (and also set update it)
I know if I select 'identities' in the GET /users method I can see the email they've signed up with, but not the phone number they set for MFA. (https://learn.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0)
Of course I'm looking for all the mfa settings: mfa phone number, mfa email address, is mfa set, etc.
Hopefully there is some kind of extension attribute that contains this that I can select, and set on creation, but I cannot find documentation on this.
[UPDATE]
In the Azure portal, I can see the entered data if I go to user > profile > authentication methods. So I tried accessing the authentication relationships on the user. but it didn't provide any details (all empty arrays) https://learn.microsoft.com/en-us/graph/api/resources/authentication?view=graph-rest-1.0
There's a write-up here.
e.g:
GET https://graph.microsoft.com/beta/users/objectID/authentication/methods
Is there a way to get all user messages (emails) for a tenant in a single API call? This would be for a daemon app with admin consent not logging in on behalf of a user.
such as:
"endpoint": "https://graph.microsoft.com/v1.0/users/messages"
instead of:
GET /users/{id | userPrincipalName}/messages
Or is it required to get a list of active users first and make API calls for each user id to get messages individually?
Obviously, you could not get all user's messages directly with the single API. As you said, you could get a list of users then loop to call this API by the user's object id.
There is a sample as a reference about looping to query using Powershell.
On the document, I just found I can get displayName from
/drive
But no email
If I want to use this API, can I only through Microsoft Graph?
This is available using the Microsoft Graph API , if your app has requested User.Read permissions.
You can make a request to get the signed in user's email:
GET https://graph.microsoft.com/v1.0/me/mail
Or you can make a request to get a particular user's email, based on a user ID:
GET https://graph.microsoft.com/v1.0/users/{userId}/mail
You can also use the createdByUser and lastModifiedByUser navigation properties on an item to retrieve the email address for the user who created/modified the file.
To call Microsoft Graph, you need to use the AAD OAuth v2 authorization / token end point. It's different than what you would have been using for OneDrive personal previously, but documented here: https://dev.onedrive.com/auth/graph_oauth.htm
I'm following the client side authentication as described at https://developers.google.com/accounts/docs/OAuth2UserAgent
I am routinely signed on to multiple Google accounts. Normally, the flow will prompt me to choose which account I want to authenticate with. However there are sometimes instances where it assumes the first account I signed in with, which is not the account I wish to use.
When users register with my service, they do so with a specific email address (and google id).
How do I qualify the oauth dialogue such that it will always take place using only the specified user?
On https://developers.google.com/drive/about-auth I can see a comment...
Note: If you want to use the user_id parameter to select the current user from
(potentially) multiple logged-in accounts,
also add https://www.googleapis.com/auth/userinfo.email.
The implies that there is a user_id parameter I can include in the oauth call, but I can't see it documented anywhere, and there is nowhere in the Javascript API where I can inject a user_id.
Add the user_id parameter to your Authorization URI.
gapi.auth.authorize({..., user_id: 'ali#gmail.com'}, handleAuthResult);
I'm currently creating a web app using Google's oAuth. I was wondering how I can uniquely identify an authenticated user so I don't accidentally add duplicates.
Doesn't Google give you other unique params like user name or user ID?
For example, Twitter and Facebook, give you user name and a unique url that identifies user's profile picture. If you save that params on server-side you can identify user next time that he comes on your site.
The best way to do this would be to use OpenID with the oAuth extension (aka hybrid).
I am currently using OAuth exclusively and I am requesting the https://www.googleapis.com/auth/userinfo#email scope as described on http://sites.google.com/site/oauthgoog/Home/emaildisplayscope to get the email address of the authenticated user. I am using the email address to uniquely identify the user. This should be good enough for now.
Edited:
According to a recent Google developer comment (https://groups.google.com/group/oauth2-dev/browse_thread/thread/cf5c137f872f9932), they are currently working on this problem, but for anything production ready, you should use OpenID authentication.
You should save somewhere the user_id you have for your users in your site, along with the corresponding access_token and access_token_secret.
Then you can query that table (or wherever you save that information) with the user_id and obtain the proper tokens
Regards