Share via

Get user Query with Plus Sign in Username

Tarkowski, Michael (M.) 156 Reputation points
2023-04-04T14:21:22.58+00:00

Using MS graph API, I can query a user account using their id value and it works fine. Issue - when using MS graph API, I can query a user account using their username (which has a + sign) it fails. This works fine.

curl --location 'https://graph.microsoft.com/beta/users?%24filter=id%20eq%20%278159db30-d3d4-489b-acf4-c6712c2c83ee%27'

"identities": [
                {
                    "signInType": "emailAddress",
                    "issuer": "OURTEST.onmicrosoft.com",
                    "issuerAssignedId": "******@gmail.com"
                },
                {
                    "signInType": "userPrincipalName",
                    "issuer": "OURTEST.onmicrosoft.com",
                    "issuerAssignedId": "******@B2CQAFORD.onmicrosoft.com"

                }
            ]

This fails. Note - if I use the same query for a user without a + sign in the issuerAssignedId it works fine. Only when the issuerAssignedId has a + sign does the query fail.

curl --location 'https://graph.microsoft.com/beta/users?%24filter=identities%2Fany(a%3Ac%2FissuerAssignedId%20eq%20%27test%2Btest1%40gmail.com%27%20and%20a%2Fissuer%20eq%20%27B2CQAFORD.onmicrosoft.com%27)'

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#users",
    "value": []
}
Microsoft Security | Microsoft Graph
0 comments
Accepted answer
  1. CarlZhao-MSFT 46,376 Reputation points
    2023-04-05T07:09:18.1966667+00:00

    Hi @Tarkowski, Michael (M.) , The '+' sign is a special character. When calling APIs, special characters must be encoded before they can be used. So the original API should be:

    https://graph.microsoft.com/beta/users?$filter=identities/any(a:c/issuerAssignedId eq '******@gmail.com' and a/issuer eq 'B2CQAFORD.onmicrosoft.com')

    After encoding:

    https://graph.microsoft.com/beta/users?%24filter%3Didentities%2Fany(a%3Ac%2FissuerAssignedId%20eq%20'test%252Btest1%40gmail.com'%20and%20a%2Fissuer%20eq%20'B2CQAFORD.onmicrosoft.com')

    A simple API call test: User's image

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2023-04-04T15:42:23.8266667+00:00

    Hello Tarkowski, Michael (M.) ,

    Thanks for reaching out!
    As per the documentation, issuerAssignedId can only contain alphanumeric characters and the following symbols: '-' or '_'
    issuerAssignedId : Specifies the unique identifier assigned to the user by the issuer. The combination of issuer and issuerAssignedId must be unique within the organization. Represents the sign-in name for the user, when signInType is set to emailAddress or userName (also known as local accounts).
    When signInType is set to:

    • emailAddress, (or a custom string that starts with emailAddress like emailAddress1) issuerAssignedId must be a valid email address.
    • userName, issuerAssignedId must begin with an alphabetical character or number, and can only contain alphanumeric characters and the following symbols: - or _

    Please refer to this documentation for more details.

    Please Note: APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported.

    Hope this helps. If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have further questions about this answer, please click "Comment".

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.