Catch REST API call errors in B2C custom policy

Patrice Côté 186 Reputation points
2022-09-01T13:31:01.177+00:00

In my user subscription journey, I have a step that calls a REST service. It's an Azure function that calls Graph to add the user to a Group. Yesterday this function threw an Exception that returned a 500 to the calling policy. Is there any way to "catch" this kind of error and prevent it from crashing the policy execution? Since it's a subscription policy, I'd like to delete the user in a subsequent (conditional with PreCondition) step if an error happens in the membership assignment step.

Here's the TP that calls the API:

    <TechnicalProfile Id="SetUserAppRoleAssignment">
      <DisplayName>Set groups assigned to the user from caller</DisplayName>
      <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
      <Metadata>
        <Item Key="ServiceUrl">{Settings:SetGroupRoleServiceUrl}</Item>
        <Item Key="AuthenticationType">None</Item>
        <Item Key="SendClaimsIn">Body</Item>
        <Item Key="AllowInsecureAuthInProduction">false</Item>
        <Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
        <Item Key="AlwaysUseDefaultValue">true</Item>
      </Metadata>
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="userId" Required="true" />
        <InputClaim ClaimTypeReferenceId="tenantId" DefaultValue="{Settings:TenantObjectId}" />
        <InputClaim ClaimTypeReferenceId="group_name" DefaultValue="{OAUTH-KV:memberOf}" />
      </InputClaims>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="groups" />
      </OutputClaims>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
    </TechnicalProfile>

NOTE: this is used in a claims exchange step, not as a ValidationTechnicalProfile, so the "ContinueOnError" property doesn't seem to be an option.

    <!-- Set group assignment -->
    <OrchestrationStep Order="4" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="SetUserAppRoleAssignment" TechnicalProfileReferenceId="SetUserAppRoleAssignment" />
      </ClaimsExchanges>
    </OrchestrationStep>
Azure Active Directory External Identities

Accepted answer
  1. Shweta Mathur 13,091 Reputation points Microsoft Employee
    2022-09-05T17:27:35.313+00:00

    Hi @Patrice Côté ,

    Thanks for reaching out.

    I don't believe you can "catch" a non-successful invocation of the REST API. If the REST API is unavailable or it isn't found, then IEF will either display an error message to the end user or return an error response to the end application.

    Whenever your API sends an error response to Azure AD B2C, it will halt the execution of the journey and the error is sent to the application URL.

    As you mentioned, to display the error on the screen, call the REST API as a validation technical profile, where you can handle this behavior using ContinueOnError.

    Thanks,
    Shweta
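
The arrangement the answer points to, as an added example that is not part of the original thread: the REST profile from the question is moved into the `ValidationTechnicalProfiles` of the sign-up page, so a failed group assignment does not leave a provisioned account without its membership. Assumptions: the sign-up page is the starter pack's `LocalAccountSignUpWithLogonEmail` with `AAD-UserWriteUsingLogonEmail` creating the user, `AAD-DeleteUserByObjectId` is a hypothetical cleanup profile you would have to write, and the `groups` claim is only present when the REST call succeeded.

```xml
<!-- Added example (extension policy fragment), not from the thread. -->
<!-- Assumed: the sign-up page is the starter pack's LocalAccountSignUpWithLogonEmail. -->
<TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">
  <ValidationTechnicalProfiles>
    <!-- Assumed starter pack profile: creates the user and outputs objectId. -->
    <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonEmail" />

    <!-- The REST profile from the question. ContinueOnError="true" lets the
         validation technical profiles that follow run if this one raises an error. -->
    <ValidationTechnicalProfile ReferenceId="SetUserAppRoleAssignment" ContinueOnError="true" />

    <!-- Hypothetical cleanup profile (not defined on this page) that deletes the
         user by objectId. It is skipped when the REST call returned "groups". -->
    <ValidationTechnicalProfile ReferenceId="AAD-DeleteUserByObjectId">
      <Preconditions>
        <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
          <Value>groups</Value>
          <Action>SkipThisValidationTechnicalProfile</Action>
        </Precondition>
      </Preconditions>
    </ValidationTechnicalProfile>
  </ValidationTechnicalProfiles>
</TechnicalProfile>
```

With this in place, the `ClaimsExchange` in orchestration step 4 no longer needs to call `SetUserAppRoleAssignment`.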
