Tags: python, azure-ad-b2c, azure-ad-msal, azure-app-registration, msal

Parsing OData Select and Expand failed: Term 'customAttribute1', 'customAttribute2' is not valid in a $select or $expand expression


We want to retrieve only personalized (custom) user attributes using Python.


So far we have succeeded in getting a token but failed at making requests to Graph.

# code from ChatGPT
import msal

# Replace with your Azure AD B2C configuration
tenant_id = 'your-tenant-id'
client_id = 'your-client-id'
client_secret = 'your-client-secret'
authority = f'https://login.microsoftonline.com/{tenant_id}'

# Replace with the custom attributes you want to retrieve
custom_attributes = ['customAttribute1', 'customAttribute2']

# Create a confidential client application
app = msal.ConfidentialClientApplication(
    client_id=client_id,
    client_credential=client_secret,
    authority=authority
)

# Acquire a token
result = app.acquire_token_for_client(scopes=['https://{your-tenant-name}.onmicrosoft.com/{policy-name}/read'])
access_token = result['access_token']

# Make a request to retrieve user attributes
import requests

user_id = 'user-object-id'  # Replace with the object ID of the user
graph_url = f'https://graph.microsoft.com/v1.0/users/{user_id}?$select={",".join(custom_attributes)}'

response = requests.get(graph_url, headers={'Authorization': f'Bearer {access_token}'})

if response.status_code == 200:
    user_data = response.json()
    print("User attributes:", user_data)
else:
    print("Error:", response.status_code, response.text)

[Error message](https://i.imgur.com/GRDRIOn.png)

Error: 400 {"error":{"code":"BadRequest","message":"Parsing OData Select and Expand failed: Term 'customAttribute1', 'customAttribute2' is not valid in a $select or $expand expression.","innerError":{"date":"2023-08-31T16:41:31","request-id":"c82856a0-e6f8-9939-d7e11e47ddea","client-request-id":"c82856a0-e6f8-9939-d7e11e47ddea"}}}

Solution

  • Note that the error occurred because you are using the wrong Graph endpoint to fetch custom user attributes.

    I created a few custom user attributes in my Azure AD B2C tenant.

    I ran the query below in Graph Explorer and got the custom user attributes successfully in the response:

    GET https://graph.microsoft.com/v1.0/identity/userFlowAttributes?$filter=userFlowAttributeType eq 'custom'
    


    To get the same results from Python, I registered an application and assigned it the IdentityUserFlow.Read.All permission.

    When I ran the modified code below, with the Graph request changed, I got the custom user attributes in the response:

    import msal
    import requests

    # Replace with your Azure AD B2C configuration
    tenant_id = 'tenantID'
    client_id = 'appID'
    client_secret = 'secret'
    authority = f'https://login.microsoftonline.com/{tenant_id}'

    # Create a confidential client application
    app = msal.ConfidentialClientApplication(
        client_id=client_id,
        client_credential=client_secret,
        authority=authority
    )

    # Acquire an app-only token for Microsoft Graph (client credentials flow)
    result = app.acquire_token_for_client(scopes=['https://graph.microsoft.com/.default'])
    if 'access_token' not in result:
        # MSAL returns an error dict on failure instead of raising
        raise SystemExit(f"Token request failed: {result.get('error')}: {result.get('error_description')}")
    access_token = result['access_token']

    # Make a request to retrieve custom user attributes
    graph_url = "https://graph.microsoft.com/v1.0/identity/userFlowAttributes?$filter=userFlowAttributeType eq 'custom'"

    response = requests.get(graph_url, headers={'Authorization': f'Bearer {access_token}'}, timeout=30)

    if response.status_code == 200:
        print(response.json())
    else:
        print("Error:", response.status_code, response.text)
    


    Reference: List identityUserFlowAttributes - Microsoft Graph
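
Added example, not part of the original answer: the endpoint above lists attribute definitions; this sketch goes one step further and builds a `$select` URL for reading those attributes on a user, accepting only property names that match the expected shape. It assumes custom attribute ids look like `extension_<32 hex chars>_<name>`; the sample response, the helper names and the GUID used with them are constructed.

```python
import re
from urllib.parse import quote

# Constructed sample shaped like a userFlowAttributes response (not real tenant data).
SAMPLE_RESPONSE = {
    "value": [
        {"id": "extension_0123456789abcdef0123456789abcdef_LoyaltyId",
         "displayName": "LoyaltyId", "userFlowAttributeType": "custom", "dataType": "string"},
        {"id": "city", "displayName": "City",
         "userFlowAttributeType": "builtIn", "dataType": "string"},
        # Malformed id that would smuggle an extra property into $select.
        {"id": "extension_0123_x,identities", "displayName": "bad",
         "userFlowAttributeType": "custom", "dataType": "string"},
    ]
}

# Assumed id shape for custom attributes: extension_<32 hex chars>_<name>
EXTENSION_ID = re.compile(r"extension_[0-9a-fA-F]{32}_[A-Za-z0-9_]+")
OBJECT_ID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def custom_attribute_ids(response_json):
    """Return ids of custom attributes whose id matches the expected shape."""
    ids = []
    for attr in response_json.get("value", []):
        if attr.get("userFlowAttributeType") != "custom":
            continue
        if EXTENSION_ID.fullmatch(attr.get("id", "")):
            ids.append(attr["id"])
    return ids


def user_select_url(user_id, attribute_ids):
    """Build a /users/{id}?$select=... URL from validated property names only."""
    if not OBJECT_ID.fullmatch(user_id):
        raise ValueError("user_id is not a GUID")
    if not attribute_ids:
        raise ValueError("no valid custom attribute ids")
    for name in attribute_ids:
        if not EXTENSION_ID.fullmatch(name):
            raise ValueError(f"unexpected property name: {name!r}")
    select = quote(",".join(["id", *attribute_ids]), safe=",")
    return f"https://graph.microsoft.com/v1.0/users/{user_id}?$select={select}"
```

Calling the resulting URL needs a user-read application permission such as User.Read.All in addition to IdentityUserFlow.Read.All.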