AADSTS1100001 Error when Implementing Custom Extension for OnAttributeCollectionSubmit Event in Microsoft Entra ID

Aakash Goswami 25 Reputation points
2024-11-11T11:56:57.25+00:00

I'm implementing a custom authentication extension in Microsoft Entra ID to modify the sign-up experience in my customer self-service sign-up user flow. I’ve registered my custom extension to trigger on the OnAttributeCollectionSubmit event, which occurs after a user submits their sign-up attributes. The goal is to validate and potentially modify the user’s input (e.g., creating a displayName based on firstName and lastName attributes) before continuing with the sign-up flow.

Here's the Microsoft documentation reference I’m following: Custom Extension for OnAttributeCollectionSubmit event.

Problem:

I'm encountering an AADSTS1100001 error when this custom extension is triggered. This error prevents the sign-up flow from progressing as expected.

Details of My Implementation:

Azure Function: I created an Azure Function that receives the OnAttributeCollectionSubmit request, processes the input data, and returns a modified attribute (a displayName).

Expected Request Structure: The request payload from Microsoft Entra ID contains user attributes (e.g., givenName, surname), including custom attributes, as defined in the user flow. Below is a sample structure for the request payload:

{
  "type": "microsoft.graph.authenticationEvent.attributeCollectionSubmit",
  "data": {
    "tenantId": "tenant-id",
    "authenticationContext": { /* context details */ },
    "userSignUpInfo": {
      "attributes": {
        "givenName": { "value": "John" },
        "surname": { "value": "Doe" }
      }
    }
  }
}


Azure Function Code: Here’s the main part of my Azure Function code:

module.exports = async function (context, req) {
    const userSignUpInfo = req.body?.data?.userSignUpInfo?.attributes;
    if (!userSignUpInfo) {
        context.res = {
            status: 400,
            body: {
                data: {
                    "@odata.type": "microsoft.graph.onAttributeCollectionSubmitResponseData",
                    actions: [
                        {
                            "@odata.type": "microsoft.graph.attributeCollectionSubmit.showValidationError",
                            message: "Invalid request format: missing userSignUpInfo"
                        }
                    ]
                }
            }
        };
        return;
    }

    const firstName = userSignUpInfo?.givenName?.value || '';
    const lastName = userSignUpInfo?.surname?.value || '';
    const displayName = `${firstName} ${lastName}`.trim();

    context.res = {
        status: 200,
        body: {
            data: {
                "@odata.type": "microsoft.graph.onAttributeCollectionSubmitResponseData",
                actions: [
                    {
                        "@odata.type": "microsoft.graph.attributeCollectionSubmit.modifyAttributeValues",
                        attributes: {
                            displayName: displayName
                        }
                    }
                ]
            }
        }
    };
};

Questions:

  1. What could be causing the AADSTS1100001 error in this scenario?
  2. Are there any specific configuration settings or permissions required for the OnAttributeCollectionSubmit event that I might be missing?
  3. Does the schema and response format in my code match the expected format for Microsoft Entra ID, or is there anything incorrect?
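
For the third question, the response can be checked offline before Entra ever calls the function. The checker below is an added example, not part of the original post or Microsoft's code. The `checkSubmitResponse` name, the two action names beyond those in the post, and the flagging of attributes that the response sets but the request did not carry are assumptions of this example.

```javascript
// Added example (not the poster's code): offline shape check for an
// OnAttributeCollectionSubmit response, using the type strings from the post.
const NS = "microsoft.graph.attributeCollectionSubmit.";
const DATA_TYPE = "microsoft.graph.onAttributeCollectionSubmitResponseData";
const ACTIONS = ["continueWithDefaultBehavior", "modifyAttributeValues",
  "showValidationError", "showBlockPage"]; // first and last are not in the post

// Returns a list of findings; an empty list means every check passed.
function checkSubmitResponse(request, response) {
  const data = response?.body?.data;
  if (!data || typeof data !== "object") return ["body.data is missing"];
  const findings = [];
  if (data["@odata.type"] !== DATA_TYPE) findings.push("unexpected data @odata.type");
  if (!Array.isArray(data.actions) || data.actions.length === 0) {
    return findings.concat("actions must be a non-empty array");
  }
  const submitted = Object.keys(request?.data?.userSignUpInfo?.attributes ?? {});
  for (const action of data.actions) {
    const type = String(action?.["@odata.type"] ?? "");
    const name = type.startsWith(NS) ? type.slice(NS.length) : "";
    if (!ACTIONS.includes(name)) { findings.push(`unknown action type: ${type}`); continue; }
    const needsMessage = name === "showValidationError" || name === "showBlockPage";
    if (needsMessage && (typeof action.message !== "string" || !action.message.trim())) {
      findings.push(`${name}: message must be a non-empty string`);
    }
    if (name !== "modifyAttributeValues") continue;
    const attrs = action.attributes;
    if (!attrs || typeof attrs !== "object" || Array.isArray(attrs)) {
      findings.push("modifyAttributeValues: attributes must be an object");
      continue;
    }
    for (const [key, value] of Object.entries(attrs)) {
      // The request wraps values as { value: ... }; the response in the post uses bare values.
      if (value !== null && typeof value === "object" && !Array.isArray(value)) {
        findings.push(`${key}: wrapped object returned, expected a bare value`);
      } else if (value === "") findings.push(`${key}: empty string`);
      if (!submitted.includes(key)) findings.push(`${key}: set by response but not in the submitted attributes`);
    }
  }
  return findings;
}

// Constructed sample mirroring the payload and the 200 response shown in the post.
const sampleRequest = { data: { userSignUpInfo: { attributes: {
  givenName: { value: "John" }, surname: { value: "Doe" } } } } };
const sampleResponse = { status: 200, body: { data: { "@odata.type": DATA_TYPE,
  actions: [{ "@odata.type": NS + "modifyAttributeValues",
    attributes: { displayName: "John Doe" } }] } } };
console.log(checkSubmitResponse(sampleRequest, sampleResponse));
```

A finding here is a prompt to compare the response against the user flow's configured attributes, not a statement of what causes AADSTS1100001.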