I'm unable to find users in Azure AD B2C by their phone number used to sign in using the Microsoft Graph API. According to the documentation, I should be able to query users by their identities as long as I provide issuer and issuerAssignedId in the filter, but I always receive an empty result set.
I've tried:
- Querying by an email address identity instead. This succeeds.
- Signing in for the first time with the phone number, in case there's some sort of initialization that needs to happen. The user is still not returned.
- Querying by the user attribute mobilePhone. Querying by mobilePhone requires setting ConsistencyLevel=eventual, and ConsistencyLevel=eventual is not supported in Azure AD B2C.
Below is a request that successfully creates a test user, followed by requests trying to find that user by the email address or by the phone number.
The variable {{B2C_TENANT}} is the full tenant domain: example.onmicrosoft.com.
Create user
First, I create the user and give it two sign-in identities: one with an email address, one with a phone number.
Request:
POST /v1.0/users HTTP/1.1
Host: graph.microsoft.com
Content-Type: application/json
{
"accountEnabled": true,
"displayName": "Stephen",
"passwordPolicies": "DisablePasswordExpiration",
"passwordProfile": {
"password": "asdkljfdklsj2340982304#$#$",
"forceChangePasswordNextSignIn": false
},
"identities": [
{
"signInType": "emailAddress",
"issuer": "{{B2C_TENANT}}",
"issuerAssignedId": "[email protected]"
},
{
"signInType": "phoneNumber",
"issuer": "{{B2C_TENANT}}",
"issuerAssignedId": "+13105551234"
}
]
}
Find user by phone
This request always returns an empty result set, as though no user exists with the given phone number.
Request:
GET /v1.0/users/?$filter=identities/any(id:id/issuer eq '{{B2C_TENANT}}' and id/issuerAssignedId eq '+13105551234') HTTP/1.1
Host: graph.microsoft.com
Response:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
"value": []
}
Find user by email
This request returns the user. If I select the identities, I can see it contains the phone-number sign-in I'm trying to query in the previous request.
Request:
GET /v1.0/users/?$filter=identities/any(ident:ident/issuer eq '{{B2C_TENANT}}' and ident/issuerAssignedId eq '[email protected]')&$select=id,userPrincipalName,displayName,identities HTTP/1.1
Host: graph.microsoft.com
Response:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(id,userPrincipalName,displayName,identities)",
"value": [
{
"id": "2de83c94-e734-470b-8ca2-c3279c364164",
"userPrincipalName": "2de83c94-e734-470b-8ca2-c3279c364164@{{B2C_TENANT}}",
"displayName": "Stephen",
"identities": [
{
"signInType": "phoneNumber",
"issuer": "{{B2C_TENANT}}",
"issuerAssignedId": "+13105551234"
},
{
"signInType": "emailAddress",
"issuer": "{{B2C_TENANT}}",
"issuerAssignedId": "[email protected]"
},
{
"signInType": "userPrincipalName",
"issuer": "{{B2C_TENANT}}",
"issuerAssignedId": "2de83c94-e734-470b-8ca2-c3279c364164@{{B2C_TENANT}}"
}
]
}
]
}
CodePudding user response:
URL-encode the phone number, +13105551234, and then it works.
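To show why the answer works, here is an added example (not code from the question or the answer) that builds the same Graph identity filter two ways and then simulates what the server sees after standard query-string decoding. A bare '+' in a query string decodes to a space, so '+13105551234' arrives as ' 13105551234' and matches nothing; percent-encoding the filter value turns the '+' into %2B, which decodes back to '+'. The example also doubles single quotes inside the OData string literal, so a caller-supplied issuerAssignedId cannot break out of the literal and change the filter. The tenant name and phone number are constructed sample values standing in for the post's placeholders, and the lambda variable name c is an arbitrary choice.

```python
import re
from urllib.parse import parse_qs, quote, urlsplit

GRAPH_USERS = "https://graph.microsoft.com/v1.0/users"

# Constructed sample values standing in for {{B2C_TENANT}} and the post's number.
TENANT = "example.onmicrosoft.com"
PHONE = "+13105551234"


def odata_literal(value: str) -> str:
    # OData string literal: wrap in single quotes and double any embedded quote,
    # so the value cannot terminate the literal and inject filter syntax.
    return "'" + value.replace("'", "''") + "'"


def identity_filter(issuer: str, issuer_assigned_id: str) -> str:
    # Same shape as the post's filter; 'c' is an arbitrary lambda variable.
    return ("identities/any(c:c/issuer eq {} and c/issuerAssignedId eq {})"
            .format(odata_literal(issuer), odata_literal(issuer_assigned_id)))


def naive_url(issuer: str, issuer_assigned_id: str) -> str:
    # What the question did: paste the filter into the URL without encoding.
    return f"{GRAPH_USERS}?$filter={identity_filter(issuer, issuer_assigned_id)}"


def encoded_url(issuer: str, issuer_assigned_id: str) -> str:
    # Percent-encode the whole filter value. safe="" makes '+' become %2B
    # (and '/' become %2F), so the server decodes it back to the same text.
    return (f"{GRAPH_USERS}?$filter="
            f"{quote(identity_filter(issuer, issuer_assigned_id), safe='')}")


_LITERAL = re.compile(r"issuerAssignedId eq '((?:[^']|'')*)'")


def issuer_assigned_id_seen_by_server(url: str) -> str:
    # Simulate the server side: form-style decoding of the query string maps a
    # bare '+' to a space and %2B back to '+', then pull the literal back out.
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    filt = query["$filter"][0]
    match = _LITERAL.search(filt)
    if not match:
        raise ValueError("filter did not contain an issuerAssignedId literal")
    return match.group(1).replace("''", "'")


if __name__ == "__main__":
    for label, builder in (("naive", naive_url), ("encoded", encoded_url)):
        url = builder(TENANT, PHONE)
        print(f"{label:8s} -> {issuer_assigned_id_seen_by_server(url)!r}")
```

Run it and the naive URL yields a value with a leading space while the encoded URL yields the original '+13105551234'. Any HTTP client that accepts the query as a dict of parameters (rather than a pre-built URL string) will apply the same encoding for you.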
