I am trying to invite guest user in my Office 365 tenant using Azure AD B2B api and the intent is to set hireDate property of the guest user as soon as invitation is sent. For me its not necessary that guest should redeem the invitation.
The problem is, code fails (with error message: Unable to check user existence in AD) when I am trying to patch user to update hireDate property irrespective of guest redeem the invitation or not. The problem does not occur if i wait for a minute or so after sending the invitation and then try to patch the user. How can I set this property without waiting?
To resolve this, i already tried implementing retry logic but this is not reliable.
var token = extranetHelper.GetAuthToken(); //Custom class to get token
var guestEmail = "abc#abc.com";
var siteURL = "https://tenant.sharepoint.com/sites/abc";
var displayName = "";
Invitation guestInvitation =
GraphUtility.InviteGuestUser(token.AccessToken, guestEmail, siteURL, "", displayName);
var guestUserId = guestInvitation.InvitedUser.Id;
var graphUrl = "https://graph.microsoft.com/beta/users/" + guestUserId;
var body = "{\"hireDate\" : \"" + DateTime.UtcNow.ToString("yyyy-MM-ddTHH:mm:ssZ") + "\"}";
var response = GraphHttpClient.MakePatchRequestForString(graphUrl, JsonConvert.DeserializeObject(body), "application/json", token.AccessToken);
hireDate property should be set for the newly created guest user in Azure AD.
To my knowledge there currently is no way to avoid this delay since it can sometimes take 30 minutes to an hour for the state to change.
Since Graph API currently cannot check for this, we can use the the Azure AD reporting API to check the this status. We can get the Update user event and check the UserState to see if it is invited to achieve the goal. For more details about the Azure AD reporting API, you can this link.
You can leave feedback for Azure to cut back on this delay here.
Related
I have setup a FB Webhook to notify my technicians when a user messages my business page. The notification works and I get the message and the sender's ID (PSID) but I can't seem to get the sender's first and last name per the documentation found here :
https://developers.facebook.com/docs/messenger-platform/identity/user-profile
I have been granted Advanced Access with the "Business Asset User Profile Access" as required.
The App is in Live mode (not development mode)
Messaging permissions are granted
I need to turn the returned "Sender ID (PSID)" into a First and Last name. According to the documentation, I need to send a request like this :
curl -X GET "https://graph.facebook.com/<PSID>?fields=first_name,last_name,profile_pic&access_token=<PAGE_ACCESS_TOKEN>"
So my code looks like this :
function get_basic_info($id, $access) {
$url = 'https://graph.facebook.com/'.$id.'?fields=first_name,last_name,profile_pic&access_token='.$access;
$info = json_decode(file_get_contents($url), true);
return $info;
}
I would then call the function using : $fbuser = get_basic_info($sender, $fb_access_token);
This will ALWAYS return NULL when messaging my business page from any Facebook account.... except from my personal account which owns the business page. If I message my business account from my personal account that owns the business, this is what I get back :
{"first_name":"Tim","last_name":"My_Last_Name","profile_pic":"Profile_Picture_URL","id":"My_FB_ID"}
The access token I am using is generated from the App Dashboard > My_App > Messenger (under Products, left side) > Settings > Access Tokens > Generate Token (Next to the Business Page I own).
What am I doing wrong? It works when I personally message my own business page, but not when anyone else messages. Thank you for ANY help!
So to update this with an answer for those who may be looking, here it goes.... Don't use the Sender ID (PSID) as the documentation states, use the Message ID.
function get_basic_info($id, $access) {
$url = 'https://graph.facebook.com/'.$id.'?fields=from&access_token='.$access;
$info = json_decode(file_get_contents($url), true);
return $info;
}
Usage :
$fbuser = get_basic_info($message_id, $FB_PAGE_ACCESS_TOKEN);
$fb_name = $fbuser['from']['name'];
Unfortunately, you cannot get the Profile Picture, but this is as far as I needed to get anyways.
Enjoy!
We have created one SharePoint List custom form having Rest API and when users having Contribute access are trying to submit the form, they are getting pop up asking for credentials again and again. Although the functionality is working fine with Full Access and site collection admin users.
page is also becoming unresponsive after some time. Please assist
If you have client-side JavaScript executing REST calls, it will always run in the context of the current user, which means you cannot do anything in a REST call that the current user does not have permission to do themselves.
If you are using an on-premises installation of SharePoint Server that is using integrated NTLM security (meaning your Active Directory users are usually automatically logged into SharePoint without entering their credentials), then when your code attempts a client-side REST call that attempts to perform an action that the current user is not authorized for, the browser will automatically prompt them for AD credentials for a user account that Does have access.
If you are using an Online environment or one without integrated security, then instead of re-prompting the users for credentials, your code will just receive a 401 Unauthorized.
If your SharePoint farm is using integrated security with your local domain, there is no way to directly stop the user from being prompted for credentials when you try to access a resource they do not have access to. Instead, you will need to use the REST API to see if the current user has permission to perform the action, and display a more friendly error if they do not.
The following is an example, borrowed from a previous stack exchange post on checking a user's permissions:
function checkPermissions() {
var call = jQuery.ajax({
url: _spPageContextInfo.webAbsoluteUrl +
"/_api/Web/effectiveBasePermissions",
type: "GET",
dataType: "json",
headers: {
Accept: "application/json;odata=verbose"
}
});
call.done(function (data, textStatus, jqXHR) {
var manageListsPerms = new SP.BasePermissions();
manageListsPerms.initPropertiesFromJson(data.d.EffectiveBasePermissions);
var manageLists = manageListsPerms.has(SP.PermissionKind.manageLists);
var message = jQuery("#message");
message.text("Manage Lists: " + manageLists);
});
}
I am trying to create a new user in Azure DevOps using Rest API C# and by debugging the code I am not seeing any error and the user information were showing correct after I get result of the created new user. My issue is that the user is NOT saved after the application is completed and I do not see the user in Azure DevOps. When I check the status of the task it is WaitingForActivation.
Here is the code I am using and please advise what is wrong:
VssConnection connection = new VssConnection(new Uri(uri), new VssBasicCredential(string.Empty, personalAccessToken));
GraphHttpClient graphClient = connection.GetClient<GraphHttpClient>();
GraphUserMailAddressCreationContext usr = new GraphUserMailAddressCreationContext();
usr.MailAddress = "someuser#somedomain.com";
GraphUser u = graphClient.CreateUserAsync(usr).Result;
Creating a New User in Azure DevOps using Rest API
According to your code segment, it seems you are adding a user via Graph. But add a user via Graph does not give them access to the account, the user has to be materialized and added to the appropriate projects, groups etc.
To add a user, I suggest you can use another API User Entitlements - Update User Entitlement with following request body:
[
{"from":"",
"op":0,
"path":"/projectEntitlements",
"value":{"projectRef":{"id":"<MyProjectID>"},"group":{"groupType":3}}
}
]
You can check my another thread for some more details.
Hope this helps.
Let us suppose that Alice sends a subscription request to Bob using the next code.
public bool AddBuddy(string jid) {
var roster = conn.Roster;
// 2` param is nickname
roster.CreateEntry(jid, null, null);
roster.SetSubscriptionMode(Roster.SubscriptionMode.Manual);
Presence subscribe = new Presence(Presence.Type.Subscribe);
subscribe.To = jid;
conn.SendPacket(subscribe);
}
When Bob has logged, it receives a popup where tell you if you want to added or not in the next method.
public void ProcessPacket (Packet p0)
{
Presence presence = p0.JavaCast<Presence> ();
var a = presence;
}
But I need to implement a "Add Later" functionality. I have no idea how to save the messages in the server and also how to receive all of them
You can delay the subscription as long as you want, there is no need to save the subscriptions packets on the server. And in order to query the deferred subscriptions requests, simply query the roster for subscriptions not in mode both.
One remark regarding your code: Roster.createEntry(String, String, String[] will automatically send the presence packat. No need to send it again.
No need to save anything on the server as it maintains pending subscribe requests automatically, ie. whenever you login to the server at a later time, the subscribe request will be pushed to you again (if it wasn't dealt with before). Therefore, just save the subscribe request locally in your application in a list or something whenever you receive it from the server, and show that local request list to the user as a "Friend request page" for the user to accept/reject. If your application's lifecycle restarts, it will be receiving all pending subsribe presences again from the server (or whenever it re-logins). Let me know if this works for you.
When I use the API to send notification requests, they arrive as expected. However after the user follows the link and accepts the App permissions, the notification persists.
Is there some additional call I need to make to clear the notification? I know it auto expires after some time, but that doesn't seem entirely satisfying.
Am I missing something, or is this really not doable?
This is how you delete app request when users accept an app invitation.
When user accepts an invitation i.e. comes to your application canvas page by clicking on app request notification, Facebook sends comma separated ids in "request_ids" parameter. You can get this requests and delete it using graph api like this :
Here I am deleting the last request id :
$ids = $_GET['request_ids'];
$id_arr = explode(",",$ids);
$count = count($id_arr);
$delete_url="https://graph.facebook.com/".$id_arr[$count-1]. "?access_token=" . $token . "&method=delete";
$result = file_get_contents($delete_url);
echo("Requests deleted (true or false) ?" . $result);
Note request_ids field may contain multiple request id if he has been invited multiple times. I am not sure but you may need to delete all.