1

I am working on an Azure B2C custom policy with a rest API call. When a user signs up or signs in, i'm hitting an api endpoint to get user information and add it back to the claims.

However, when a user is not found in the external system(such as during sign up), the api will throw a 404. When this happens the error is posted in the url and the user flow errors out.

What I would like to do is ignore the 404 error and continue to the next orchestration step where we can then check if we got any information back from the api, and if not, hit another api endpoint to generate the users info and continue on with the sign up/sign in flow.

I've been looking for ways to do this, and the only answer i've seen is about handling errors from the api side which is very difficult in this situation due to access constraints.

wes4455
  • 35
  • 1
  • 4

1 Answers1

3

Whenever your API sends a non 200 response to AAD B2C, it will halt the execution of the journey. If there is a page displayed to the user, and the REST API call is run as a validation technical profile, then the error is displayed on screen. Otherwise the error is sent to the App URL.

In a Validation Technical profile, you can change this behavior by using the ContinueOnError property. https://learn.microsoft.com/en-us/azure/active-directory-b2c/validation-technical-profile

Call the REST API technical profile via a Validation Technical profile, then add the flag ContinueOnError="true" .

<ValidationTechnicalProfile ReferenceId="REST-ReadProfileFromCustomerDatabase" ContinueOnError="true" >
Jas Suri - MSFT
  • 10,605
  • 2
  • 10
  • 20
  • 2
    Adding a comment to this in case another person encounters this issue. Im am unsure what is triggering this behavior, but our ContinueOnError="true" validation technical profile would still return and error and cancel the user flow unless there was another validation technical profile that executed after it. We ended up adding a dummy validation technical profile that always succeeds immediately following our rest api profile to get around this issue. – wes4455 Feb 15 '21 at 13:03
  • Hi @wes4455 , a validationTechnicalProfile is only available within a self-asserted technical profile. My use case is logging to eventhub via azureFunction. Can you share more details on your approach? Thanks in advance – Michael Jun 09 '22 at 05:59
  • Hey @Michael, in our case the profiles are used within the signon self asserted profile, so it fit the bill for this case. Unfortunately im not sure there is a way around this, but you could potentially create a "dummy" self asserted profile to do the logging, but would make for an awkward user experience. – wes4455 Jun 17 '22 at 18:51