Dans les scénarios délégués avec des comptes professionnels ou scolaires, l’administrateur doit se voir attribuer un rôle Microsoft Entra pris en charge ou un rôle personnalisé avec une autorisation de rôle prise en charge. Les rôles les moins privilégiés suivants sont pris en charge pour cette opération :
Administrateur de l’extensibilité de l’authentification
Vous pouvez spécifier les propriétés suivantes lors de la création d’une customAuthenticationExtension. Vous devez spécifier la propriété @odata.type avec une valeur du type d’objet customAuthenticationExtension que vous souhaitez créer. Par exemple, pour créer un objet onTokenIssuanceStartCustomExtension , définissez @odata.type sur #microsoft.graph.onTokenIssuanceStartCustomExtension.
Collection de revendications à retourner par l’API appelée par cette extension d’authentification personnalisée. Peut être défini pour l’objet onTokenIssuanceStartCustomExtension uniquement. Utilisé pour remplir l’expérience de mappage de revendications dans centre d’administration Microsoft Entra. Optional.
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new OnTokenIssuanceStartCustomExtension
{
OdataType = "#microsoft.graph.onTokenIssuanceStartCustomExtension",
DisplayName = "onTokenIssuanceStartCustomExtension",
Description = "Fetch additional claims from custom user store",
EndpointConfiguration = new HttpRequestEndpoint
{
OdataType = "#microsoft.graph.httpRequestEndpoint",
TargetUrl = "https://authenticationeventsAPI.contoso.com",
},
AuthenticationConfiguration = new AzureAdTokenAuthentication
{
OdataType = "#microsoft.graph.azureAdTokenAuthentication",
ResourceId = "api://authenticationeventsAPI.contoso.com/a13d0fc1-04ab-4ede-b215-63de0174cbb4",
},
ClientConfiguration = new CustomExtensionClientConfiguration
{
TimeoutInMilliseconds = 2000,
MaximumRetries = 1,
},
ClaimsForTokenConfiguration = new List<OnTokenIssuanceStartReturnClaim>
{
new OnTokenIssuanceStartReturnClaim
{
ClaimIdInApiResponse = "DateOfBirth",
},
new OnTokenIssuanceStartReturnClaim
{
ClaimIdInApiResponse = "CustomRoles",
},
},
};
// To initialize your graphClient, see https://video2.skills-academy.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Identity.CustomAuthenticationExtensions.PostAsync(requestBody);
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
OnTokenIssuanceStartCustomExtension customAuthenticationExtension = new OnTokenIssuanceStartCustomExtension();
customAuthenticationExtension.setOdataType("#microsoft.graph.onTokenIssuanceStartCustomExtension");
customAuthenticationExtension.setDisplayName("onTokenIssuanceStartCustomExtension");
customAuthenticationExtension.setDescription("Fetch additional claims from custom user store");
HttpRequestEndpoint endpointConfiguration = new HttpRequestEndpoint();
endpointConfiguration.setOdataType("#microsoft.graph.httpRequestEndpoint");
endpointConfiguration.setTargetUrl("https://authenticationeventsAPI.contoso.com");
customAuthenticationExtension.setEndpointConfiguration(endpointConfiguration);
AzureAdTokenAuthentication authenticationConfiguration = new AzureAdTokenAuthentication();
authenticationConfiguration.setOdataType("#microsoft.graph.azureAdTokenAuthentication");
authenticationConfiguration.setResourceId("api://authenticationeventsAPI.contoso.com/a13d0fc1-04ab-4ede-b215-63de0174cbb4");
customAuthenticationExtension.setAuthenticationConfiguration(authenticationConfiguration);
CustomExtensionClientConfiguration clientConfiguration = new CustomExtensionClientConfiguration();
clientConfiguration.setTimeoutInMilliseconds(2000);
clientConfiguration.setMaximumRetries(1);
customAuthenticationExtension.setClientConfiguration(clientConfiguration);
LinkedList<OnTokenIssuanceStartReturnClaim> claimsForTokenConfiguration = new LinkedList<OnTokenIssuanceStartReturnClaim>();
OnTokenIssuanceStartReturnClaim onTokenIssuanceStartReturnClaim = new OnTokenIssuanceStartReturnClaim();
onTokenIssuanceStartReturnClaim.setClaimIdInApiResponse("DateOfBirth");
claimsForTokenConfiguration.add(onTokenIssuanceStartReturnClaim);
OnTokenIssuanceStartReturnClaim onTokenIssuanceStartReturnClaim1 = new OnTokenIssuanceStartReturnClaim();
onTokenIssuanceStartReturnClaim1.setClaimIdInApiResponse("CustomRoles");
claimsForTokenConfiguration.add(onTokenIssuanceStartReturnClaim1);
customAuthenticationExtension.setClaimsForTokenConfiguration(claimsForTokenConfiguration);
CustomAuthenticationExtension result = graphClient.identity().customAuthenticationExtensions().post(customAuthenticationExtension);
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\OnTokenIssuanceStartCustomExtension;
use Microsoft\Graph\Generated\Models\HttpRequestEndpoint;
use Microsoft\Graph\Generated\Models\AzureAdTokenAuthentication;
use Microsoft\Graph\Generated\Models\CustomExtensionClientConfiguration;
use Microsoft\Graph\Generated\Models\OnTokenIssuanceStartReturnClaim;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new OnTokenIssuanceStartCustomExtension();
$requestBody->setOdataType('#microsoft.graph.onTokenIssuanceStartCustomExtension');
$requestBody->setDisplayName('onTokenIssuanceStartCustomExtension');
$requestBody->setDescription('Fetch additional claims from custom user store');
$endpointConfiguration = new HttpRequestEndpoint();
$endpointConfiguration->setOdataType('#microsoft.graph.httpRequestEndpoint');
$endpointConfiguration->setTargetUrl('https://authenticationeventsAPI.contoso.com');
$requestBody->setEndpointConfiguration($endpointConfiguration);
$authenticationConfiguration = new AzureAdTokenAuthentication();
$authenticationConfiguration->setOdataType('#microsoft.graph.azureAdTokenAuthentication');
$authenticationConfiguration->setResourceId('api://authenticationeventsAPI.contoso.com/a13d0fc1-04ab-4ede-b215-63de0174cbb4');
$requestBody->setAuthenticationConfiguration($authenticationConfiguration);
$clientConfiguration = new CustomExtensionClientConfiguration();
$clientConfiguration->setTimeoutInMilliseconds(2000);
$clientConfiguration->setMaximumRetries(1);
$requestBody->setClientConfiguration($clientConfiguration);
$claimsForTokenConfigurationOnTokenIssuanceStartReturnClaim1 = new OnTokenIssuanceStartReturnClaim();
$claimsForTokenConfigurationOnTokenIssuanceStartReturnClaim1->setClaimIdInApiResponse('DateOfBirth');
$claimsForTokenConfigurationArray []= $claimsForTokenConfigurationOnTokenIssuanceStartReturnClaim1;
$claimsForTokenConfigurationOnTokenIssuanceStartReturnClaim2 = new OnTokenIssuanceStartReturnClaim();
$claimsForTokenConfigurationOnTokenIssuanceStartReturnClaim2->setClaimIdInApiResponse('CustomRoles');
$claimsForTokenConfigurationArray []= $claimsForTokenConfigurationOnTokenIssuanceStartReturnClaim2;
$requestBody->setClaimsForTokenConfiguration($claimsForTokenConfigurationArray);
$result = $graphServiceClient->identity()->customAuthenticationExtensions()->post($requestBody)->wait();