Catch REST api call errors in B2C custom policy

Patrice Côté 186 Reputation points
2022-09-01T13:31:01.177+00:00

In my user subscription journey, I have a step that calls a REST service. It's an Azure function that calls Graph to add the user to a Group. Yesterday this function threw an Exception that returned a 500 to the calling policy. Is there any way to "catch" this kind of error and prevent it from crashing the policy execution? Since it's a subscription policy, I'd like to delete the user in a subsequent (conditional with PreCondition) step if an error happens in the membership assignment step.

Here's the TP that calls the API:

    <TechnicalProfile Id="SetUserAppRoleAssignment">
      <DisplayName>Set groups assigned to the user from caller</DisplayName>
      <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
      <Metadata>
        <Item Key="ServiceUrl">{Settings:SetGroupRoleServiceUrl}</Item>
        <Item Key="AuthenticationType">None</Item>
        <Item Key="SendClaimsIn">Body</Item>
        <Item Key="AllowInsecureAuthInProduction">false</Item>
        <Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
        <Item Key="AlwaysUseDefaultValue">true</Item>
      </Metadata>
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="userId" Required="true" />
        <InputClaim ClaimTypeReferenceId="tenantId" DefaultValue="{Settings:TenantObjectId}" />
        <InputClaim ClaimTypeReferenceId="group_name" DefaultValue="{OAUTH-KV:memberOf}" />
      </InputClaims>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="groups" />
      </OutputClaims>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
    </TechnicalProfile>

NOTE: this is used in a claims exchange step, not as a ValidationTechnicalProfile, so the "ContinueOnError" property doesn't seem to be an option.

    <!-- Set group assignment -->
    <OrchestrationStep Order="4" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="SetUserAppRoleAssignment" TechnicalProfileReferenceId="SetUserAppRoleAssignment" />
      </ClaimsExchanges>
    </OrchestrationStep>

Answer accepted by question author

Shweta Mathur 30,456 Reputation points Microsoft Employee Moderator
2022-09-05T17:27:35.313+00:00

Hi @Patrice Côté ,

Thanks for reaching out.

I don't believe you can "catch" a non-successful invocation of the REST API. If the REST API is unavailable or it isn't found, then IEF will either display an error message to the end user or return an error response to the end application.

Whenever your API sends an error response to Azure AD B2C, it will halt the execution of the journey and the error is sent to the application URL.

As mentioned by you, to display the error on the screen, call the REST API as a validation technical profile where you can handle this behavior using ContinueOnError.

Thanks,
Shweta
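
The validation technical profile arrangement this answer points to, sketched as an added example that is not part of the original answer or the asker's policy. The self-asserted profile Id and `AAD-UserWriteUsingLogonEmail` assume a starter-pack style sign-up, `AAD-DeleteUserOnGroupFailure` is a hypothetical cleanup profile, and the precondition assumes the `groups` claim is only issued when the REST call succeeds.

```xml
<!-- Added example: the REST call moved from an orchestration step into the
     sign-up page's validation chain. Profile Ids other than
     SetUserAppRoleAssignment are assumptions, not the asker's policy. -->
<TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">
  <DisplayName>Email signup</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <!-- Metadata, InputClaims and OutputClaims of the sign-up page omitted;
       they stay as they are in the existing policy. -->
  <ValidationTechnicalProfiles>
    <!-- 1. Create the account; objectId becomes available to later profiles. -->
    <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonEmail" />

    <!-- 2. Call the group-assignment API. With ContinueOnError="true" an error
            from this profile does not stop the remaining validation profiles. -->
    <ValidationTechnicalProfile ReferenceId="SetUserAppRoleAssignment" ContinueOnError="true" />

    <!-- 3. Hypothetical cleanup profile: delete the account created in step 1.
            Skipped when the API succeeded, i.e. when "groups" was returned. -->
    <ValidationTechnicalProfile ReferenceId="AAD-DeleteUserOnGroupFailure">
      <Preconditions>
        <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
          <Value>groups</Value>
          <Action>SkipThisValidationTechnicalProfile</Action>
        </Precondition>
      </Preconditions>
    </ValidationTechnicalProfile>
  </ValidationTechnicalProfiles>
</TechnicalProfile>
```

Verify in a test tenant that a 500 from the function reaches step 3 and that no account is left behind without its group membership before relying on this for access control.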
