Failed to get user email from Azure AD B2C using GraphAPI

I created an Azure AD B2C tenant and configured a local account with a username as the login method. I created a registration policy and registered via the Azure AD B2C registration screen. On the registration screen, I entered an email address and Azure AD B2C sent an email for verification. After the registration was successful, I tried to get the registered user data through the Graph API.

Graph API URL used to get user details:

https://graph.windows.net/<tenantid>/users?api-version=1.6

I was able to get all other information about the new user, like username, first name, last name, etc., except for the email address entered by the user during email verification.

Please let me know if there is a way or configuration to get an email address through the Graph API.

+3




1 answer


In the case where users log in with username + email verification, there is no way to get the email used.

Here are all the cases related to email in Azure AD B2C and where they are stored.

  • Local account with email: Email is accessible via the property signInNames.
  • Local account with username-based sign-in + email verification: Email is not available anywhere.
  • Social IdPs via built-in policies: Email, if available from the IdP, is available via the property otherMails.


Other considerations:

  • The email used for MFA and password reset is not available anywhere (this is effectively the same case as the local account with username-based sign-in + email verification).
  • You can ask the user for their email in the registration policy under "Registration Attributes".
  • With custom policies and custom IdPs, you decide whether to get an email, where to get it from, and where to store it.

You can always request that an email be available for your scenario, or make any other requests, through the Azure AD B2C Feedback Forum.

+5
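
The lookup order described in the answer above, as an added example that is not part of the original question or answer. The response body is a constructed sample; it assumes signInNames is a list of objects with "type" and "value" keys and otherMails is a list of strings, and the function names are hypothetical.

```python
import json

# Constructed sample shaped like the body returned by
# GET https://graph.windows.net/<tenantid>/users?api-version=1.6
# (assumed shapes: signInNames = [{"type", "value"}], otherMails = [str]).
SAMPLE_RESPONSE = json.loads("""
{"value": [
  {"displayName": "Email local account",
   "signInNames": [{"type": "emailAddress", "value": "alice@example.com"}],
   "otherMails": []},
  {"displayName": "Username local account",
   "signInNames": [{"type": "userName", "value": "bob01"}],
   "otherMails": []},
  {"displayName": "Social account",
   "signInNames": [],
   "otherMails": ["carol@example.org"]}
]}
""")


def resolve_email(user):
    """Return (email, source_property) for one user object, or (None, None).

    Local accounts that sign in with email carry it in signInNames;
    social accounts carry it in otherMails when the IdP supplied it.
    Username-based local accounts expose neither, so the result is None.
    """
    for name in user.get("signInNames") or []:
        if name.get("type") == "emailAddress" and name.get("value"):
            return name["value"], "signInNames"
    for mail in user.get("otherMails") or []:
        if mail:
            return mail, "otherMails"
    return None, None


def email_report(response):
    """Map each user's displayName to the result of resolve_email()."""
    return {u.get("displayName"): resolve_email(u)
            for u in response.get("value", [])}


if __name__ == "__main__":
    for name, (email, source) in email_report(SAMPLE_RESPONSE).items():
        print(f"{name}: {email or 'no email exposed'} ({source or 'n/a'})")
```
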

