Create user with Custom Attributes in Azure AD B2C with Graph API

I am trying to create a user with the Graph API. The user JSON object is shown below. I have created a custom attribute called Role, so while creating the user I need to give some value to this Role as well. But if I include this custom attribute I get the error:

One or More properties are invalid

Create User is successful if I don't specify this custom attribute.

    var jsonObject = new JObject
    {
        {"accountEnabled", true},
        {"country", "India"},
        {"creationType", "LocalAccount"},
        {"givenName", "given"},
        {"surName", "surname"},
        {"extension_Role", "Admin"},
        {"displayName", "[email protected]"},
        {"passwordPolicies", "DisablePasswordExpiration,DisableStrongPassword"},
        {"passwordProfile", new JObject
            {
                {"password", "Password@12"},
                {"forceChangePasswordNextLogin", false}
            }
        },
        {"signInNames", new JArray
            {
                new JObject
                {
                    {"value", "[email protected]"},
                    {"type", "emailAddress"}
                }
            }
        }
    };

extension_Role is the property which is throwing the error. I tried giving extension_appId_Role. It gives a different error saying:

No extension properties exists with this name

I guess we cannot add custom attributes while creating the user. We can only update them using edit profile. Correct me if I am wrong. I have added this custom attribute to the sign-up and edit-profile policies and as claims.

NOTE: I gave proper permissions to the Graph API and registered an app with the App Registration portal.

Answer: I found the answer, but I am not sure if that is the correct behaviour. I could insert custom attributes when I append it with the b2c-extensions-app app ID. I registered a separate app under App Registrations but I am not sure why it's still taking the default b2c-extensions-app application ID. Maybe it's because I created the custom user attributes before registering the app in App Registrations.

Venky asked Dec 14 '22 20:12


2 Answers

As pointed out in a comment, you need to specify the prefix extension_ and the b2c-extensions-app app ID in the property name. The app ID is a GUID but must be included without the hyphens, e.g.:

extension_93ae98b337124e0aaced3698b59f8acb_Role

The b2c-extensions-app ID can be found by selecting All Resources -> App Registrations in the Azure portal inside the Azure AD B2C tenant. By default it shows the list of My apps; change the dropdown to All apps, then click the b2c-extensions-app and copy its Application ID.

Kai G answered May 10 '23 10:05


  1. Get the B2C application from https://github.com/AzureADQuickStarts/B2C-GraphAPI-DotNet and update the app.config with values for your B2C tenant (see https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet for more info on setting up and using B2C).
  2. Run B2C Get-B2C-Application and copy the value of "objectId" (towards the top of the output).
  3. Run B2C Get-Extension-Attribute objectid (where objectid is what you captured in step (2)). The output will have a name property for each custom property (e.g. "name": "extension_appguid_customattributename").
  4. The name from (3) is what you can use with the command B2C create-user "path_to_email.json". In the JSON, you add your property like so: "extension_appguid_customattributename":"this is a custom property!"

Note: one can find out the name of the custom attribute by finding the app ID for the app registered in the B2C tenant under AAD (it has the name b2c-extensions-app). You then prepend extension_appid_ to your custom attribute name and then you can use it.

Raj Rao answered May 10 '23 11:05
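
The naming rule given in both answers above (the prefix extension_, then the b2c-extensions-app Application ID without hyphens, then the attribute name), as an added C# example that is not part of the original posts. B2CExtensionNames and its methods are hypothetical names; the code uses Newtonsoft.Json's JObject as the question does, and the sample GUID is the one from the first answer with hyphens restored.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Newtonsoft.Json.Linq;

// Hypothetical helper, not part of any Microsoft SDK.
static class B2CExtensionNames
{
    // "extension_<app ID without hyphens>_" for the b2c-extensions-app Application ID.
    static string Prefix(string extensionsAppId)
    {
        if (!Guid.TryParse(extensionsAppId, out Guid appId))
            throw new ArgumentException("Application ID must be a GUID", nameof(extensionsAppId));
        return $"extension_{appId:N}_"; // "N" formats the GUID as 32 hex digits, no hyphens
    }

    public static string Build(string extensionsAppId, string attribute)
    {
        if (string.IsNullOrWhiteSpace(attribute))
            throw new ArgumentException("Attribute name is empty", nameof(attribute));
        return Prefix(extensionsAppId) + attribute;
    }

    // Keys that start with "extension_" but lack the expected app ID prefix, such as the
    // bare "extension_Role" from the question. The comparison is exact and assumes
    // lowercase hex, as in the first answer's example.
    public static List<string> FindMisnamed(JObject user, string extensionsAppId)
    {
        string prefix = Prefix(extensionsAppId);
        return user.Properties()
                   .Select(p => p.Name)
                   .Where(n => n.StartsWith("extension_", StringComparison.Ordinal)
                            && !n.StartsWith(prefix, StringComparison.Ordinal))
                   .ToList();
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample: the GUID from the first answer's example with hyphens restored.
        const string appId = "93ae98b3-3712-4e0a-aced-3698b59f8acb";
        var user = new JObject { { "displayName", "sample user" }, { "extension_Role", "Admin" } };
        foreach (string bad in B2CExtensionNames.FindMisnamed(user, appId))
            Console.WriteLine($"misnamed extension property: {bad}");
        user.Remove("extension_Role");
        user[B2CExtensionNames.Build(appId, "Role")] = "Admin";
        Console.WriteLine(user.ToString());
    }
}
```

Running the check before the create-user call catches both the bare extension_Role key and a key built from the wrong application's ID.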