msgraph-sdk-javascript

Cannot create user after self signup request

Open preslavnolimit opened this issue 2 years ago • 1 comments

Bug Report

I am building a self-sign-up approval process following this guide: Guide. I properly get the requests and store them in my DB, but on creation of users using the Graph API I am getting "creationType" is not valid:

`{"code":"Request_BadRequest","message":"Invalid value specified for property 'creationType' of resource 'User'.","details":[{"code":"InvalidValue","message":"Invalid value specified for property 'creationType' of resource 'User'.","target":"creationType"}],"innerError":{"date":"2023-11-","request-id":"fb54cb00-e6b8-46e1-9f17-019931da24d7","client-request-id":""}}`,

Prerequisites

  • [x] Can you reproduce the problem?
  • [x] Are you running the latest version?
  • [x] Are you reporting to the correct repository?
  • [x] Did you perform a cursory search?

For more information, see the CONTRIBUTING guide.

Description

I am building a self-sign-up approval process following this guide: Guide. I properly get the requests and store them in my DB, but on creation of users using the Graph API I am getting "creationType" is not valid:

[Description of the bug or feature]

Console Errors: [Is there any console error]

`{"code":"Request_BadRequest","message":"Invalid value specified for property 'creationType' of resource 'User'.","details":[{"code":"InvalidValue","message":"Invalid value specified for property 'creationType' of resource 'User'.","target":"creationType"}],"innerError":{"date":"2023-11-","request-id":"fb54cb00-e6b8-46e1-9f17-019931da24d7","client-request-id":""}}`,

Screenshots: [If applicable, add screenshots to help explain your problem]

Steps to Reproduce

I am making this request

```javascript
import { ClientSecretCredential } from "@azure/identity";
import { TokenCredentialAuthenticationProvider } from "@microsoft/microsoft-graph-client/lib/src/authentication/azureTokenCredentials/index.js";
import { Client } from "@microsoft/microsoft-graph-client/lib/src/Client.js";

// Arguments (tenantId, clientId, clientSecret) are elided in the post.
const credential = new ClientSecretCredential(...);

const authProvider = new TokenCredentialAuthenticationProvider(credential, {
    // The client credentials flow requires that you request the
    // /.default scope, and pre-configure your permissions on the
    // app registration in Azure. An administrator must grant consent
    // to those permissions beforehand.
    scopes: ['https://graph.microsoft.com/.default'],
});

const graphClient = Client.initWithMiddleware({ authProvider: authProvider });

// Guest user payload sent to POST /users.
const user = {
    displayName: 'displayName',
    userPrincipalName: 'displayName_special.domain#EXT#@domain.onmicrosoft.com',
    userType: "Guest",
    accountEnabled: true,
    mail: "[email protected]",
    identities: [
        {
            signInType: "federated",
            issuer: "mail",
            issuerAssignedId: "[email protected]",
        },
        {
            signInType: "userPrincipalName",
            issuer: "domain.onmicrosoft.com",
            issuerAssignedId: "displayName_special.domain#EXT#@domain.onmicrosoft.com",
        }
    ],
    passwordPolicies: 'DisablePasswordExpiration',
    mailNickname: "NICK NAME",
    creationType: "SelfServiceSignup",
    givenName: "unknown",
    surname: "unknown",
    jobTitle: "dev"
};

await graphClient.api('/users')
    .post(user);
```

All creationType options in the docs produce errors (described below). I have tried all of them, and additionally "SelfServiceSignup", which is the type from the API request for all users.

    /**
     * Indicates whether the user account was created through one of the following methods: As a regular school or work
     * account (null). As an external account (Invitation). As a local account for an Azure Active Directory B2C tenant
     * (LocalAccount). Through self-service sign-up by an internal user using email verification (EmailVerified). Through
     * self-service sign-up by an external user signing up through a link that is part of a user flow (SelfServiceSignUp).
     * Read-only.Returned only on $select. Supports $filter (eq, ne, not, in).
     */

**Expected behavior:** [What you expected to happen]

Expected to create a user with self-sign-up and email one-time passcode.

**Actual behavior:** [What actually happened]

It produces this error:

{"code":"Request_BadRequest","message":"Invalid value specified for property 'creationType' of resource 'User'.","details":[{"code":"InvalidValue","message":"Invalid value specified for property 'creationType' of resource 'User'.","target":"creationType"}],"innerError":{"date":"2023-11-","request-id":"fb54cb00-e6b8-46e1-9f17-019931da24d7","client-request-id":""}},


## Usage Information
Request ID - Value of the `requestId` field if you are receiving a Graph API error response

This is the request ID; I am not sure if you need the client request ID.

fb54cb00-e6b8-46e1-9f17-019931da24d7

SDK Version - [3.0.7]

-   [x] Node (Check, if using Node version of SDK)

> Node Version - [18.17.1]

preslavnolimit, Nov 07 '23 20:11

Managed to fix it. The problem was the user's email: it was an alias with a + sign, such as [email protected], and based on the documentation this is not a valid userPrincipalName.

The Java docs led me to this resolution, but both the self-sign-up docs and the produced error are problematic and should be updated.

Explained here: https://learn.microsoft.com/en-us/graph/api/user-post-users?view=graph-rest-1.0&tabs=java

And here are the name limitations: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-sspr-policy#userprincipalname-policies-that-apply-to-all-user-accounts

preslavsh, Nov 07 '23 21:11
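
The resolution described in the comment above, as an added example that is not part of the original issue or the SDK: a pre-flight check that rejects a userPrincipalName built from a `+` alias before the self-sign-up record is posted to Graph. The character and length rules are an assumption taken from the linked UPN policy page; `guestUpnFromEmail`, `checkUpn` and the sample addresses are hypothetical and constructed for illustration.

```javascript
// Added example: validate a userPrincipalName before POST /users.
// Rules below are an assumption based on the linked Entra UPN policy page.
const ALLOWED_CHAR = /^[A-Za-z0-9'._\-!#^~]$/;

// Hypothetical helper: guest UPN in the shape used in the post,
// local_domain#EXT#@tenant.onmicrosoft.com
function guestUpnFromEmail(email, tenantDomain) {
    return `${email.replace("@", "_")}#EXT#@${tenantDomain}`;
}

// Returns a list of policy violations; an empty list means the UPN passes.
function checkUpn(upn) {
    const at = upn.lastIndexOf("@");
    if (at <= 0 || at === upn.length - 1) {
        return ["missing local part or domain"];
    }
    const local = upn.slice(0, at);
    const domain = upn.slice(at + 1);
    const problems = [];

    if (local.includes("@")) {
        problems.push("extra '@' in the local part");
    }
    // Collect each disallowed character once, e.g. the '+' of a mail alias.
    const bad = [...new Set([...local].filter(
        (c) => c !== "@" && !ALLOWED_CHAR.test(c)))];
    if (bad.length > 0) {
        problems.push(`characters not allowed: ${bad.join(" ")}`);
    }
    if (local.endsWith(".")) problems.push("'.' directly before '@'");
    if (local.length > 64) problems.push("local part longer than 64");
    if (domain.length > 48) problems.push("domain longer than 48");
    if (upn.length > 113) problems.push("total length over 113");
    return problems;
}

// Constructed sample input: a plain address and a '+' alias.
const TENANT = "contoso.onmicrosoft.com";
for (const email of ["alice@example.com", "alice+signup@example.com"]) {
    const upn = guestUpnFromEmail(email, TENANT);
    const problems = checkUpn(upn);
    console.log(upn, problems.length ? problems : "ok");
}
```

Running the check when the sign-up request is stored, rather than at approval time, lets the approval queue reject or normalise such addresses before Graph answers with the unrelated `creationType` error.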