
How to get custom attributes when signing in with Azure AD B2C

api

#1

Hi all,
I use .NET Framework to work with Auth0 and Azure AD B2C, but I don’t know how to get all attributes of a user on Azure AD.

    var profile = await client.GetUserInfoAsync(token.AccessToken);

The current API just gets simple attributes.
Please help me clarify it.
Thanks so much.


#2

:wave: @hiepbui what kind of attributes are you looking to get? And which API are you referring to, is it the Azure AD Graph API?


#4

I am using Azure AD B2C and created some custom attributes. Then I created an Enterprise Connection on Auth0 that is used for login in my application. I am working on .NET Framework, but I don’t know a way to get those attributes, or to get all attributes.

            // Authentication API client for the Auth0 tenant named in app settings
            AuthenticationApiClient client = new AuthenticationApiClient(
                new Uri(string.Format("https://{0}", ConfigurationManager.AppSettings["auth0:Domain"])));

            var token = await client.GetTokenAsync(new AuthorizationCodeTokenRequest
            {
                ClientId = ConfigurationManager.AppSettings["auth0:ClientId"],
                ClientSecret = ConfigurationManager.AppSettings["auth0:ClientSecret"],
                Code = context.Request.QueryString["code"],
                RedirectUri = context.Request.Url.ToString()
            });

            var profile = await client.GetUserInfoAsync(token.AccessToken);

If I use the Azure AD Graph API, I can do it, but with Auth0 there is no way.


#5

Thanks for following up on my question! You’re correct that by default Azure AD sends minimal information about a user. I may need to check with someone who has experience with the Azure AD B2C setup, but I believe we can query Azure’s Graph API and we can do all that within a Rule.

I can go through the overall flow. First we would check and run the rule only for Azure users or a specific connection (I don’t think you’d want this to run in other cases), then proceed to call the API. To do this we would need an access token, either the token given to the user by the IdP, if it has the correct permissions, or one obtained through the client credentials grant, where we would use the client id/key configured in the AD connection. Once we have our access token we can call the API and retrieve the attributes we need. If we are able to retrieve the information we would need to store it somewhere, as it won’t be saved automatically in the user profile. Depending on the attributes we could store them in the user metadata or app metadata.

Let me know if this is along the lines of what you are looking to achieve. More than happy to go back to the drawing board or seek further information if this does not work for an Azure AD B2C scenario.
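
The Rule flow outlined in post #5, sketched as an added example that is not part of the original thread or Auth0's own code. It assumes Microsoft Graph with the client credentials grant, a `user.oid` directory object id, hypothetical setting names (`AZURE_CONNECTION`, `AZURE_TENANT`, `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`), a placeholder `extension_APPID_` attribute prefix, and injected `deps` helpers so the logic runs offline.

```javascript
// Added example: names marked "assumed" or "constructed" do not come from the thread.
const ALLOWED = ["extension_APPID_LoyaltyTier", "extension_APPID_Department"]; // constructed allow-list

// deps.postForm / deps.getJson / deps.saveAppMetadata are injected (assumed helpers); in a real
// Rule they would wrap an HTTP client and auth0.users.updateAppMetadata.
function enrichRule(user, context, callback, deps) {
  const cfg = deps.configuration; // Rule settings, so no secret lives in the Rule source
  // Step 1: run only for the one Azure AD connection, never for other identity providers.
  if (context.connection !== cfg.AZURE_CONNECTION) return callback(null, user, context);
  // Step 2: client credentials grant against the directory tenant.
  const tokenUrl = `https://login.microsoftonline.com/${cfg.AZURE_TENANT}/oauth2/v2.0/token`;
  deps.postForm(tokenUrl, {
    grant_type: "client_credentials",
    client_id: cfg.AZURE_CLIENT_ID,
    client_secret: cfg.AZURE_CLIENT_SECRET,
    scope: "https://graph.microsoft.com/.default",
  }, (err, tok) => {
    // Fail the login rather than continue with missing attributes; never log the token.
    if (err || !tok || !tok.access_token) return callback(new Error("graph token request failed"));
    // Step 3: request only the allow-listed attributes (user.oid is the assumed object id).
    const url = `https://graph.microsoft.com/v1.0/users/${encodeURIComponent(user.oid)}` +
                `?$select=${ALLOWED.join(",")}`;
    deps.getJson(url, tok.access_token, (err2, body) => {
      if (err2 || !body) return callback(new Error("graph lookup failed"));
      // Copy allow-listed string values only, whatever else the response contains.
      const attrs = {};
      for (const k of ALLOWED) if (typeof body[k] === "string") attrs[k] = body[k];
      // Step 4: persist in app_metadata, which the end user cannot edit.
      user.app_metadata = Object.assign({}, user.app_metadata, { azure: attrs });
      deps.saveAppMetadata(user.user_id, user.app_metadata, (err3) =>
        callback(err3 || null, user, context));
    });
  });
}

// Constructed offline stand-ins for the HTTP client and the Management API call.
function demoDeps(saved) {
  return {
    configuration: { AZURE_CONNECTION: "my-azure-b2c", AZURE_TENANT: "contoso.onmicrosoft.com",
                     AZURE_CLIENT_ID: "placeholder-id", AZURE_CLIENT_SECRET: "placeholder-secret" },
    postForm: (url, form, cb) => cb(null, { access_token: "constructed-token" }),
    getJson: (url, token, cb) => cb(null, { extension_APPID_LoyaltyTier: "gold", mail: "x@example.com" }),
    saveAppMetadata: (id, meta, cb) => { saved.push({ id, meta }); cb(null); },
  };
}
```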


#6

Thanks for your response. That is everything I am looking to achieve. Waiting for more answers. Thank you.