Microsoft Graph API-在具有本地帐户身份的Azure AD B2C中创建用户会显示Request_ResourceNotFound错误

时间:2020-05-18 15:29:49

标签: azure-active-directory microsoft-graph-api azure-ad-b2c

我的目标是在 Azure Active Directory B2C 中创建一个本地帐户,例如michele@gmail.com

我想使用自己的UI,所以我开始研究如何实现API。经过研究,看来最好的方法应该是通过Microsoft Graph。

我从遵循Manage Azure AD B2C user accounts with Microsoft Graph开始,并正确创建了一个应用程序(不确定是否需要选择第三个选项,但看起来像是更广泛的一个):

enter image description here

具有以下权限(也在@Tony Ju屏幕截图之后更新):

enter image description here

然后,我创建了客户密码并为自己的auth provider

编写了代码 
const { AuthenticationContext } = require('adal-node');

class AuthProvider {

    async getAccessToken() {
        return new Promise((resolve, reject) => {
            const tenant = 'tenant';
            const authority = `https://login.microsoftonline.com/${tenant}`;

            const authenticationContext = new AuthenticationContext(authority);

            const resource = 'https://graph.microsoft.com';
            const clientId = 'clientId';
            const clientSecret = 'clientSecret';

            authenticationContext.acquireTokenWithClientCredentials(
                resource,
                clientId,
                clientSecret,
                (err, tokenResponse) => {
                    if (err) {
                        console.error('error!', err);
                        return reject(err);
                    }
                    return resolve(tokenResponse.accessToken);
                },
            );
        });
    }
}

并初始化客户端

require('isomorphic-fetch'); //needed for server side request with the client
const { Client } = require('@microsoft/microsoft-graph-client');

const options = {
    authProvider: new AuthProvider(),
};
const client = Client.initWithMiddleware(options);

Following the official documentation,我创建一个本地帐户

const user = {
    displayName: 'John Smith',
    identities: [
        {
            signInType: 'emailAddress',
            issuer: 'MY_ISSUER.onmicrosoft.com',
            issuerAssignedId: 'jsmith@yahoo.com',
        },
    ],
    passwordProfile: {
        password: 'df42bfe2-8060-411f-b277-06b819874573',
    },
    passwordPolicies: 'DisablePasswordExpiration',
};

client
    .api('/users')
    .post(user)
    .then(data => console.log(data))
    .catch(e => console.error(e))

我又得到了这个“ Request_ResourceNotFound”错误

GraphError {
  statusCode: 404,
  code: 'Request_ResourceNotFound',
  message:
   'Resource \'User_30140fa1-ae7e-40b7-ad5a-ef4d0b4cd4dc\' does not exist or one of its queried reference-property objects are not present.',
  requestId: 'fbf4c987-0383-472a-bc22-c94f98710344',
  date: 2020-05-18T13:19:14.000Z,
  body:
   '{"code":"Request_ResourceNotFound","message":"Resource \'User_30140fa1-ae7e-40b7-ad5a-ef4d0b4cd4dc\' does not exist or one of its queried reference-property objects are not present.","innerError":{"request-id":"fbf4c987-0383-472a-bc22-c94f98710344","date":"2020-05-18T15:19:14"}}' }

该错误无济于事,我也不知道如何继续。基本配置看起来正确,因为我能够获得所有用户以及create a user in the same tenant

我想念什么?通过遵循官方文档,感到此类错误很奇怪。我开始认为我需要使用邀请API,但我只想创建一个用户,而不涉及完整的电子邮件验证流程。另外,我真正需要的是官方文档,我希望它能正常工作。所以也许我这边有些问题。

1 个答案:

答案 0 :(得分:1)

您的代码运行完美。我只在您的代码中更新了 tenant clientId clientSecret MY_ISSUER 。这是我运行的全部代码。

const { AuthenticationContext } = require('adal-node');
class AuthProvider {
    async getAccessToken() {
        return new Promise((resolve, reject) => {
            const tenant = '6b72a356-867d-4c35-bde6-959d99388ca8';
            const authority = `https://login.microsoftonline.com/${tenant}`;

            const authenticationContext = new AuthenticationContext(authority);

            const resource = 'https://graph.microsoft.com';
            const clientId = '270408b5-85a6-4e99-861e-7634853a5827';
            const clientSecret = 'VYD_F_Rr~eHYqLtTXqa1~1KRS_932yNw35';

            authenticationContext.acquireTokenWithClientCredentials(
                resource,
                clientId,
                clientSecret,
                (err, tokenResponse) => {
                    if (err) {
                        console.error('error!', err);
                        return reject(err);
                    }
                    return resolve(tokenResponse.accessToken);
                },
            );
        });
    }
}
require('isomorphic-fetch'); //needed for server side request with the client
const { Client } = require('@microsoft/microsoft-graph-client');

const options = {
    authProvider: new AuthProvider(),
};
const client = Client.initWithMiddleware(options);

const user = {
    displayName: 'John Smith',
    identities: [
        {
            signInType: 'emailAddress',
            issuer: 'tonyb2ctest.onmicrosoft.com',
            issuerAssignedId: 'jsmith4@yahoo.com',
        },
    ],
    passwordProfile: {
        password: 'df42bfe2-8060-411f-b277-06b819874573',
    },
    passwordPolicies: 'DisablePasswordExpiration',
};

client
    .api('/users')
    .post(user)
    .then(data => console.log(data))
    .catch(e => console.error(e))

结果:

enter image description here

我在Azure Active Directory下注册了一个应用程序,并授予了 Directory.ReadWrite.All 权限。

enter image description here

enter image description here

相关问题
最新问题