Change Microsoft Entra External ID custom attribute using Microsoft Graph API
We are using Microsoft Entra External ID. I have defined custom user attribute TestAttribute (string) which is collected during the sign up and is also added as a claim into the JWT token. View from Entra admin center -> Enterprise applications -> Single sign-on:
Everything works fine, the token has TestAttr value as expected (collected from sign up).
However, I want to change this value using Graph API. Previously when working with Azure B2C, this code worked fine:
var extensionInstance = new Dictionary<string, object> { { customAttribute, attributeValue } };
var updatedResult = await _graphServiceClient
.Users[userId]
.PatchAsync(new User
{
AdditionalData = extensionInstance
});
where customAttribute was indeed extension_extAppId_testattribute. This doesn't work now - it isn't a part of JWT token anymore once I change it's value although I can see the value when using Microsoft Graph:
var user = await _graphServiceClient.Users[userId].GetAsync(config =>
{
config.QueryParameters.Select = new[] { "extension_extAppId_testattribute" };
});
What bothers me, before changing it via API, this Get request didn't return anything, BUT the collected value was in the token. Logical assumption would be that working with the attributes is different for Entra External ID than for Azure B2C - but I have no idea how to get this to work.
So the question is, how can I change the value of a custom user attribute so that it is still part of the JWT token?
Thanks
I see you have defined a custom user attribute TestAttribute
However, you update extension_extAppId_testattribute later in the source code. I think the problem you have got is case-sensitive related.
Try to update the attribute using the following name extension_extAppId_TestAttribute.
- Microsoft Graph: How to filter users by domain name
- Blazor app hangs after request MS Graph Me.GetAsync()
- Graph API: Either scp or roles claim need to be present in the token
- How do I authorize a Python script to upload to SharePoint Online?
- Cannot fetch the customSecurityAttributes data from Entra ID user Profile using Microsoft Graph API in Dotnet Webapi
- How can I change default tenant in Microsoft Graph Explorer
- PnP Framework assign Permission to the SharePoint Using PowerCell
- How to access a group calendar using Microsoft Graph Api?
- getting color off calendar in microsoft graph api in calendarview
- Adding Students with the API and Class Notebook
- How to find the delay when I reset a password using Microsoft's Graph API?
- GraphServiceClient filter issue
- Verify Microsoft Access token on my ASP.NET Core Web API
- Microsoft Graph: List all users and their groups in one request
- How to handle scalability when sending DM with BotFramework
- How can I add email recipients to a Graph API request programmatically?
- Microsoft Identity Web: Change Redirect Uri
- Azure graph api to search groups whose displayName contains a specific term
- I am getting an error that OAuth2 Code has already been redeemed
- AADSTS700016: Application with identifier 'XXX' was not found in the directory 'directory_name'
- Access OneDrive Directories and files using MSGraph API with client Authentication
- Why is my Azure AD token request returning HTTP 400 consent error for API permissions that have been granted?
- Upload a file using msgraph Python SDK
- How can I use msgraph Python SDK to properly list or get files from OneDrive?
- AADSTS65001: The user or administrator has not consented to use the application with ID <app-id>
- Get-MgUserCalendar fails with "The specified object was not found in the store." for my own calendar
- How to get all the files in OneDrive account using the graph SDK?
- Microsoft Graph API fails to update user birthday and hireDate in GCC high environment
- Looking for a Microsoft Graph API that can update device ownership of a deivce
- Is there an easy way to display the profile image from graph api in a react application