AADSTS1100001 Error when Implementing Custom Extension for OnAttributeCollectionSubmit Event in Microsoft Entra ID

Aakash Goswami 25 Reputation points
2024-11-11T11:56:57.25+00:00

I'm implementing a custom authentication extension in Microsoft Entra ID to modify the sign-up experience in my customer self-service sign-up user flow. I’ve registered my custom extension to trigger on the OnAttributeCollectionSubmit event, which occurs after a user submits their sign-up attributes. The goal is to validate and potentially modify the user’s input (e.g., creating a displayName based on firstName and lastName attributes) before continuing with the sign-up flow.

Here's the Microsoft documentation reference I’m following: Custom Extension for OnAttributeCollectionSubmit event.

Problem:

I'm encountering an AADSTS1100001 error when this custom extension is triggered. This error prevents the sign-up flow from progressing as expected.

Details of My Implementation:

Azure Function: I created an Azure Function that receives the OnAttributeCollectionSubmit request, processes the input data, and returns a modified attribute (a displayName).

Expected Request Structure: The request payload from Microsoft Entra ID contains user attributes (e.g., givenName, surname), including custom attributes, as defined in the user flow. Below is a sample structure for the request payload:

{
  "type": "microsoft.graph.authenticationEvent.attributeCollectionSubmit",
  "data": {
    "tenantId": "tenant-id",
    "authenticationContext": { /* context details */ },
    "userSignUpInfo": {
      "attributes": {
        "givenName": { "value": "John" },
        "surname": { "value": "Doe" }
      }
    }
  }
}


Azure Function Code: Here’s the main part of my Azure Function code:

module.exports = async function (context, req) {
    const userSignUpInfo = req.body?.data?.userSignUpInfo?.attributes;
    if (!userSignUpInfo) {
        context.res = {
            status: 400,
            body: {
                data: {
                    "@odata.type": "microsoft.graph.onAttributeCollectionSubmitResponseData",
                    actions: [
                        {
                            "@odata.type": "microsoft.graph.attributeCollectionSubmit.showValidationError",
                            message: "Invalid request format: missing userSignUpInfo"
                        }
                    ]
                }
            }
        };
        return;
    }

    const firstName = userSignUpInfo?.givenName?.value || '';
    const lastName = userSignUpInfo?.surname?.value || '';
    const displayName = `${firstName} ${lastName}`.trim();

    context.res = {
        status: 200,
        body: {
            data: {
                "@odata.type": "microsoft.graph.onAttributeCollectionSubmitResponseData",
                actions: [
                    {
                        "@odata.type": "microsoft.graph.attributeCollectionSubmit.modifyAttributeValues",
                        attributes: {
                            displayName: displayName
                        }
                    }
                ]
            }
        }
    };
};

Questions:

  1. What could be causing the AADSTS1100001 error in this scenario?
  2. Are there any specific configuration settings or permissions required for the OnAttributeCollectionSubmit event that I might be missing?
  3. Does the schema and response format in my code match the expected format for Microsoft Entra ID, or is there anything incorrect?

1 answer

  1. Navya 13,380 Reputation points Microsoft Vendor
    2024-11-12T21:36:38.3133333+00:00

    Hi @Aakash Goswami

    Thank you for posting this in Microsoft Q&A.

    An error of AADSTS1100001 indicates that there was an issue with the use of the custom claims provider/custom extension. Along with Azure Functions, you can check the sign-in logs under the 'Authentication events' tab to know the exact error.

    For your reference: https://learn.microsoft.com/en-us/entra/identity-platform/custom-extension-troubleshoot?tabs=api-testing-tools

    Based on the information you provided, it seems there is an invalid request format: missing userSignUpInfo.

    Below is the sample code for userSignUpInfo:

    "userSignUpInfo": {
      "attributes": {
        "givenName": {
          "@odata.type": "microsoft.graph.stringDirectoryAttributeValue",
          "value": "Larissa Price",
          "attributeType": "builtIn"
        }
      }
    }
    

    It seems in your code you missed adding @odata.type and attributeType parameters. Can you please also check the code block?

    Hope this helps. Do let us know if you have any further queries.

    Thanks,

    Navya.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
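
Added example (not part of the original question or answer, and not Microsoft's code): a local check that compares a test payload against the attribute shape shown in the answer and builds the response body without needing the function host. The function names, the validation message and both sample payloads are constructed for illustration.

```javascript
// Added example (not from the thread). Field names are taken from the payloads quoted above.
const EVENT_TYPE = "microsoft.graph.authenticationEvent.attributeCollectionSubmit";
const RESPONSE_TYPE = "microsoft.graph.onAttributeCollectionSubmitResponseData";
const ACTION_NS = "microsoft.graph.attributeCollectionSubmit.";
const ATTRIBUTE_FIELDS = ["@odata.type", "value", "attributeType"]; // per the answer's sample

// List every way a payload differs from the shape shown in the answer.
function findPayloadProblems(body) {
  const problems = [];
  if (body?.type !== EVENT_TYPE) problems.push(`unexpected event type: ${body?.type}`);
  const attrs = body?.data?.userSignUpInfo?.attributes;
  if (attrs === null || typeof attrs !== "object") {
    return [...problems, "missing data.userSignUpInfo.attributes"];
  }
  for (const [name, attr] of Object.entries(attrs)) {
    for (const field of ATTRIBUTE_FIELDS) {
      if (attr?.[field] === undefined) problems.push(`${name}: missing ${field}`);
    }
  }
  return problems;
}

// Build the response body: set displayName, or report a validation error.
function buildResponseBody(body) {
  const attrs = body?.data?.userSignUpInfo?.attributes ?? {};
  // Only string values are accepted; anything else is treated as empty.
  const text = (a) => (typeof a?.value === "string" ? a.value.trim() : "");
  const displayName = `${text(attrs.givenName)} ${text(attrs.surname)}`.trim();
  const action = displayName
    ? { "@odata.type": ACTION_NS + "modifyAttributeValues", attributes: { displayName } }
    : { "@odata.type": ACTION_NS + "showValidationError", message: "First or last name is required." };
  return { data: { "@odata.type": RESPONSE_TYPE, actions: [action] } };
}

// Constructed test payloads: the question's minimal shape and the answer's fuller shape.
const attr = (value) => ({
  "@odata.type": "microsoft.graph.stringDirectoryAttributeValue", value, attributeType: "builtIn",
});
const minimalPayload = {
  type: EVENT_TYPE,
  data: { userSignUpInfo: { attributes: { givenName: { value: "John" }, surname: { value: "Doe" } } } },
};
const fullPayload = {
  type: EVENT_TYPE,
  data: { userSignUpInfo: { attributes: { givenName: attr("John"), surname: attr("Doe") } } },
};

console.log(findPayloadProblems(minimalPayload));
console.log(JSON.stringify(buildResponseBody(fullPayload), null, 2));
```

Running it against a payload captured from the function's own request log shows whether a hand-written test payload matches what the handler receives.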
