I'm implementing a custom authentication extension in Microsoft Entra ID to modify the sign-up experience in my customer self-service sign-up user flow. I’ve registered my custom extension to trigger on the `OnAttributeCollectionSubmit` event, which occurs after a user submits their sign-up attributes. The goal is to validate and potentially modify the user’s input (e.g., creating a `displayName` based on `firstName` and `lastName` attributes) before continuing with the sign-up flow.
Here's the Microsoft documentation reference I’m following: Custom Extension for OnAttributeCollectionSubmit event.
Problem:
I'm encountering an `AADSTS1100001` error when this custom extension is triggered. This error prevents the sign-up flow from progressing as expected.
Details of My Implementation:
Azure Function: I created an Azure Function that receives the `OnAttributeCollectionSubmit` request, processes the input data, and returns a modified attribute (a `displayName`).
Expected Request Structure: The request payload from Microsoft Entra ID contains user attributes (e.g., `givenName`, `surname`), including custom attributes, as defined in the user flow. Below is a sample structure for the request payload:
```json
{
  "type": "microsoft.graph.authenticationEvent.attributeCollectionSubmit",
  "data": {
    "tenantId": "tenant-id",
    "authenticationContext": { /* context details */ },
    "userSignUpInfo": {
      "attributes": {
        "givenName": { "value": "John" },
        "surname": { "value": "Doe" }
      }
    }
  }
}
```
Azure Function Code: Here’s the main part of my Azure Function code:
```javascript
module.exports = async function (context, req) {
  // Attributes submitted by the user on the sign-up page.
  const userSignUpInfo = req.body?.data?.userSignUpInfo?.attributes;

  // No attributes in the request: answer with a validation error action.
  if (!userSignUpInfo) {
    context.res = {
      status: 400,
      body: {
        data: {
          "@odata.type": "microsoft.graph.onAttributeCollectionSubmitResponseData",
          actions: [
            {
              "@odata.type": "microsoft.graph.attributeCollectionSubmit.showValidationError",
              message: "Invalid request format: missing userSignUpInfo"
            }
          ]
        }
      }
    };
    return;
  }

  // Build displayName from the submitted first and last name.
  const firstName = userSignUpInfo?.givenName?.value || '';
  const lastName = userSignUpInfo?.surname?.value || '';
  const displayName = `${firstName} ${lastName}`.trim();

  // Ask Entra ID to overwrite displayName and continue the flow.
  context.res = {
    status: 200,
    body: {
      data: {
        "@odata.type": "microsoft.graph.onAttributeCollectionSubmitResponseData",
        actions: [
          {
            "@odata.type": "microsoft.graph.attributeCollectionSubmit.modifyAttributeValues",
            attributes: {
              displayName: displayName
            }
          }
        ]
      }
    }
  };
};
```
Questions:
- What could be causing the `AADSTS1100001` error in this scenario?
- Are there any specific configuration settings or permissions required for the `OnAttributeCollectionSubmit` event that I might be missing?
- Does the schema and response format in my code match the expected format for Microsoft Entra ID, or is there anything incorrect?
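
For the schema question above, a local check that is an added example and not part of the original post: it runs a handler of the shape shown in the post against a stubbed context and reports where the response body departs from the structure the post uses, so the response shape can be ruled in or out before looking at extension configuration. The names `checkResponseBody` and `invokeHandler` are hypothetical, and the `continueWithDefaultBehavior` and `showBlockPage` action types are assumptions taken from the Graph type names, not from the post.

```javascript
// Added example (not from the original post): local shape check for an
// OnAttributeCollectionSubmit response, run against a stubbed Functions context.
const DATA_TYPE = "microsoft.graph.onAttributeCollectionSubmitResponseData";
const ACTION_PREFIX = "microsoft.graph.attributeCollectionSubmit.";
// Required members per action. The first two are on the page; the last two
// are assumed from the Graph type names and should be confirmed in the docs.
const REQUIRED = {
  modifyAttributeValues: { attributes: "object" },
  showValidationError: { message: "string" },
  continueWithDefaultBehavior: {},
  showBlockPage: { message: "string" },
};

// Returns a list of problems; an empty list means the shape matches.
function checkResponseBody(body) {
  const data = body && body.data;
  if (!data || typeof data !== "object") return ["missing top-level 'data' object"];
  const problems = [];
  if (data["@odata.type"] !== DATA_TYPE) problems.push("data.@odata.type is not " + DATA_TYPE);
  if (!Array.isArray(data.actions) || data.actions.length === 0) {
    return problems.concat("data.actions must be a non-empty array");
  }
  data.actions.forEach((action, i) => {
    const type = String((action && action["@odata.type"]) || "");
    const name = type.startsWith(ACTION_PREFIX) ? type.slice(ACTION_PREFIX.length) : "";
    if (!Object.prototype.hasOwnProperty.call(REQUIRED, name)) {
      problems.push(`actions[${i}]: unrecognised @odata.type '${type}'`);
      return;
    }
    for (const [key, kind] of Object.entries(REQUIRED[name])) {
      const v = action[key];
      if (v === null || Array.isArray(v) || typeof v !== kind) {
        problems.push(`actions[${i}].${key} must be a ${kind}`);
      }
    }
  });
  return problems;
}

// Invoke a handler of the shape used in the post with a stub context
// and return its HTTP status plus any shape problems in the body.
async function invokeHandler(handler, requestBody) {
  const context = { res: undefined, log: () => {} };
  await handler(context, { body: requestBody });
  const res = context.res || {};
  return { status: res.status, problems: checkResponseBody(res.body) };
}
```

Call `invokeHandler(require('./index.js'), samplePayload)` with the sample request from the post and with an empty body to exercise both branches of the function.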