Graph API Azure B2C: Filter for String extension attribute not working

Andre Crettaz 21 Reputation points
2021-05-20T12:14:43.38+00:00

Hi

I'm trying to run a graph api query with a filter criteria on a custom attribute in a b2c tenant. (The name of the extension apparently needs to be Uppercase in the filter clause opposed to the select clause -> "Title vs title", otherwise i get an exeception in the response).

https://graph.microsoft.com/v1.0/users?$select=id,displayName,givenName,surname,extension_[..]_customerId,extension_[..]_title,extension_[..]_locked,identities,preferredLanguage&$filter=startsWith(extension_[...]_Title,'He')

But the response is always empty.

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(id,displayName,givenName,surname,extension_[..]_customerId,extension_[..]_title,extension_[..]_locked,identities,preferredLanguage)",
    "value": []
}

If i run the query without filter criteria i receive data.

https://graph.microsoft.com/v1.0/users?$select=id,displayName,givenName,surname,extension_[..]_customerId,extension_[..]_title,extension_[..]_locked,identities,preferredLanguage

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(id,displayName,givenName,surname,extension_[..]_customerId,extension_[..]_title,extension_[..]_locked,identities,preferredLanguage)",
    "value": [
        {
            "id": "[..]",
            "displayName": "[..]",
            "givenName": "[..]",
            "surname": "[..]",
            "preferredLanguage": "de",
            "extension_[..]_customerId": "[..]",
            "extension_[..]_title": "Herr",
            "extension_[..]_locked": false,
            "identities": [

The filtering actually works for boolean values, but not for String values. This one works.

https://graph.microsoft.com/v1.0/users?$select=id,displayName,givenName,surname,extension_[..]_customerId,extension_[..]_title,extension_[..]_locked,identities,preferredLanguage&$filter=extension_[..]_locked eq false

Anyone had the same issue and knows how to fix this?

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,253 questions
Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,908 questions
{count} votes

Accepted answer
  1. AmanpreetSingh-MSFT 56,646 Reputation points
    2021-06-03T07:10:24.177+00:00

    Hi @Andre Crettaz · Thank you for your time on call today.

    The token that you were passing in the Authorization header, didn't include Directory.AccessAsUser.All permission. Which is why the call was not returning the Extension property of the target user and filtering was not working as expected.

    We were able to get the desired output with $filter parameter after consenting for Directory.AccessAsUser.All permission. By granting this permission, we grant Graph API to access the directory on behalf of the user, whose token we pass in the authorization header.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


1 additional answer

Sort by: Most helpful
  1. Shweta Choudhary 601 Reputation points Microsoft Employee
    2021-06-01T09:42:21.92+00:00

    @Andre Crettaz
    Make sure you use the GUID of B2C extension application (without hyphens) after extension_ in the attribute name and try once. It should work.

    For e.g.
    GET https://graph.microsoft.com/v1.0/users?$select=id,givenName,surname,extension_2ad62ac450xxxxxxxxfd85dea302d1b5_ShoeSize&$filter=startsWith(extension_2ad62ac450xxxxxxxxfd85dea302d1b5_codename,'Al')

    Let me know if this doesn't work.

    Please upvote in this resolves your issue. Thanks!


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.