register email otp properly for sspr

azure-ad-b2c · Sep 14, 2023 · abe8aef · abe8aef
1 parent 0fe6237
commit abe8aef
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 2 deletions.
diff --git a/policies/migrate-to-entra-external-id-for-customers/readme.md b/policies/migrate-to-entra-external-id-for-customers/readme.md
@@ -19,6 +19,7 @@ Users are sent to the AAD B2C authentiaction endpoint. An Azure function orchest
 ### Create application registrations
 1. Create an Application registration in the Entra External Id tenant, named **RopcFromB2C**. Choose Native App. Copy the AppId/ClientId
 1. In the Authentication menu, enable **Allow public client**
+1. In the manifest, set
 
 1. Create an Application registration in the Entra External Id tenant, named **GraphCallsFromB2CTenant**. Choose Web App. Copy the AppId/ClientId
 1. Under API permissions, add MS Graph API **Application** permissions: `User.ReadWrite.All` and `UserAuthenticationMethod.ReadWrite.All`

diff --git a/policies/migrate-to-entra-external-id-for-customers/source-code/ciamHelper.cs b/policies/migrate-to-entra-external-id-for-customers/source-code/ciamHelper.cs
@@ -142,6 +142,18 @@ public static async Task<IActionResult> Run(
                     try
                     {
                         var result = await graphClient.Users.PostAsync(userRequestBody);
+                        string stringObjectId = result.Id;
+
+                            try 
+                            {
+                                await DoWithRetryAsync(TimeSpan.FromSeconds(1), tryCount: 10, stringObjectId, email, graphClient);
+
+                            }
+                            catch (Exception enrolEx)
+                            {
+                                return new ConflictObjectResult(enrolEx);
+                            }
+
                         return new OkObjectResult(result);
                     }
                     catch (Exception ex)
@@ -182,10 +194,33 @@ public static async Task<IActionResult> Run(
 
             return new OkObjectResult(null);
         }
-
+        public static async Task EnrolEmail(GraphServiceClient graphClient, string email, string objectId){
+            var emailAuthMethodRequestBody = new EmailAuthenticationMethod
+            {
+                EmailAddress = email
+            };
+            var result = await graphClient.Users[objectId].Authentication.EmailMethods.PostAsync(emailAuthMethodRequestBody);
+            //return new OkObjectResult(enrolResult);
+        }
+
+        public static async Task DoWithRetryAsync(TimeSpan sleepPeriod, int tryCount = 3, string objectId="test", string email="test", GraphServiceClient graphClient=null)
+        {
+            if (tryCount <= 0)
+                throw new ArgumentOutOfRangeException(nameof(tryCount));
+
+            while (true) {
+                try {
+                    await EnrolEmail(graphClient, email, objectId);
+                    return;
+                } catch {
+                    if (--tryCount == 0)
+                        throw;
+                    await Task.Delay(sleepPeriod);
+                }
+            }
+        }
     }
 
-
     public class B2CResponseModel
     {
         public string version { get; set; }