
Automate creation of custom user flow attributes Python Azure B2C


So far I have succeeded in getting existing custom user flow attributes with Microsoft Graph in Python:

import msal
import requests

# Replace with your Azure AD B2C configuration
tenant_id = 'tenantID'
client_id = 'appID'
client_secret = 'secret'
authority = f'https://login.microsoftonline.com/{tenant_id}'

# Create a confidential client application
app = msal.ConfidentialClientApplication(
    client_id=client_id,
    client_credential=client_secret,
    authority=authority
)

# Acquire an app-only token (client credentials flow)
result = app.acquire_token_for_client(scopes=['https://graph.microsoft.com/.default'])
if 'access_token' not in result:
    # On failure MSAL returns an error dict instead of a token
    raise SystemExit(f"Token error: {result.get('error')}: {result.get('error_description')}")
access_token = result['access_token']

# Make a request to retrieve custom user attributes
graph_url = "https://graph.microsoft.com/v1.0/identity/userFlowAttributes?$filter=userFlowAttributeType eq 'custom'"

response = requests.get(graph_url, headers={'Authorization': f'Bearer {access_token}'}, timeout=30)

if response.status_code == 200:
    result = response.json()
    print(result)
else:
    print("Error:", response.status_code, response.text)

How can I automate the creation of custom user flow attributes, such as age with int type, without the Portal, using Microsoft Graph in Python?


Solution

  • You need to assign the IdentityUserFlow.ReadWrite.All permission to your application, which is required for creating custom user attributes.

    Now, modify your code to run a POST request to create custom user attributes, like this:

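    import msal
    import requests

    # Placeholders: supply real values from the environment or a secret store, not source code
    tenant_id = 'tenantID'
    client_id = 'appID'
    client_secret = 'secret'
    authority = f'https://login.microsoftonline.com/{tenant_id}'

    app = msal.ConfidentialClientApplication(
        client_id=client_id,
        client_credential=client_secret,
        authority=authority
    )

    # Acquire an app-only token (client credentials flow)
    result = app.acquire_token_for_client(scopes=['https://graph.microsoft.com/.default'])
    if 'access_token' not in result:
        # On failure MSAL returns an error dict instead of a token
        raise SystemExit(f"Token error: {result.get('error')}: {result.get('error_description')}")
    access_token = result['access_token']

    # Definition of the custom attribute to create
    body = {
        "displayName": "Age",
        "description": "Your age",
        "dataType": "int64",
    }

    graph_url = "https://graph.microsoft.com/v1.0/identity/userFlowAttributes"
    headers = {
        'Authorization': f'Bearer {access_token}',
        'Content-Type': 'application/json',
    }

    response = requests.post(graph_url, json=body, headers=headers, timeout=30)

    # Graph answers 201 Created with the new attribute in the body
    if response.status_code == 201:
        print("Custom attribute created successfully!\n")
        result = response.json()
        print(result)
    else:
        print("Error:", response.status_code, response.text)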
    

    To confirm that, I checked the same in the Portal, where the custom user flow attribute was created successfully.

    Reference: Create identityUserFlowAttribute - Microsoft Graph
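
Added example (not part of the original answer and not Microsoft's code): the question's GET and the answer's POST combined into a helper that can be re-run safely, creating only the attributes that are missing and validating `dataType` before anything is sent. The names `ensure_attributes` and `_check` are hypothetical; it assumes a `requests.Session`-compatible `session`, a token acquired as shown above, and that matching on `displayName` is enough to detect an existing attribute.

```python
GRAPH_URL = "https://graph.microsoft.com/v1.0/identity/userFlowAttributes"
# dataType values listed for identityUserFlowAttribute in the Graph reference.
ALLOWED_TYPES = {"string", "boolean", "int64", "stringCollection", "dateTime"}


def ensure_attributes(session, access_token, desired):
    """Create only the custom attributes that do not exist yet.

    session: requests.Session-compatible object (assumption: .get/.post
    return objects with .status_code, .json() and .text).
    desired: list of dicts with displayName, description, dataType.
    Returns the displayNames that were created.
    """
    for attr in desired:  # validate everything before touching the tenant
        if attr.get("dataType") not in ALLOWED_TYPES:
            raise ValueError(f"unsupported dataType for {attr.get('displayName')!r}")

    headers = {"Authorization": f"Bearer {access_token}"}
    resp = session.get(
        GRAPH_URL,
        params={"$filter": "userFlowAttributeType eq 'custom'"},
        headers=headers,
        timeout=30,
    )
    _check(resp, 200)
    # Assumption: displayName (case-insensitive) identifies an attribute.
    existing = {a["displayName"].lower() for a in resp.json().get("value", [])}

    created = []
    for attr in desired:
        if attr["displayName"].lower() in existing:
            continue  # already present: re-running the script is a no-op
        _check(session.post(GRAPH_URL, json=attr, headers=headers, timeout=30), 201)
        created.append(attr["displayName"])
    return created


def _check(resp, expected):
    """Turn unexpected Graph responses into exceptions."""
    if resp.status_code == 403:
        # Usually means the app lacks a granted IdentityUserFlow.ReadWrite.All.
        raise PermissionError("403 from Graph: check IdentityUserFlow.ReadWrite.All")
    if resp.status_code != expected:
        raise RuntimeError(f"Graph returned {resp.status_code}: {resp.text}")
```

Call it as `ensure_attributes(requests.Session(), access_token, [body])`; running it a second time with the same list returns an empty list.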