Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Assign app role to newly created/invited user results in 400 BadRequest #2508

Open
ErikAndreas opened this issue May 22, 2024 · 6 comments
Open

Assign app role to newly created/invited user results in 400 BadRequest #2508

ErikAndreas opened this issue May 22, 2024 · 6 comments
Labels
Needs: Attention 👋 type:bug A broken experience

Comments

@ErikAndreas
Copy link

ErikAndreas commented May 22, 2024
edited
Loading

Describe the bug

I am successfully creating an invite to a b2b guest user using Invitations.PostAsync, I'm then trying to set an app role using AppRoleAssignedTo.PostAsync on that user but it fails with statusCode 400, errorCode 'Request_BadRequest' and errorMessage 'Not a valid reference update'.

I'm even able to query the newly created user with Users[userObjectId].GetAsync prior to trying to set role.

Trying to set the role on that user a few minutes later works.

Expected behavior

Being able to set user app role on the newly created invited user? Or get a more explaning message (retry-after or similiar)? Something more actionable, there's nothing wrong with the request (it's not a bad request).

How to reproduce

// request bodies removed for brevity 
var userObjectId= await _client.Invitations.PostAsync(requestBody);
var result = await _client.Users[userObjectId].GetAsync();
var roleAssignment = await _client.ServicePrincipals[Environment.GetEnvironmentVariable("EntraEAObjectId")].AppRoleAssignedTo.PostAsync(roleRequestBody);

SDK Version

5.53

Latest version known to work for scenario above?

No response

Known Workarounds

No response

Debug output

Click to expand log ``` 
</details>


### Configuration

_No response_

### Other information

_No response_
@ErikAndreas ErikAndreas added status:waiting-for-triage An issue that is yet to be reviewed or assigned type:bug A broken experience labels May 22, 2024
@andrueastman
Copy link
Member

Thanks for raising this @ErikAndreas

Any chance you can share a sample of how the roleRequestBody property is created?

Are you able to share the serialized payload before its sent out using fiddler or with something like this?

var jsonString = KiotaJsonSerializer.SerializeAsString(roleRequestBody);

@andrueastman andrueastman added Needs: Author Feedback status:waiting-for-author-feedback Issue that we've responded but needs author feedback to close and removed status:waiting-for-triage An issue that is yet to be reviewed or assigned labels May 23, 2024
@ErikAndreas
Copy link
Author 

 var roleRequestBody = new AppRoleAssignment
 {
     PrincipalId = userObjectId, // user object id 
     ResourceId = Guid.Parse(Environment.GetEnvironmentVariable("EntraEAObjectId")), // enterprise app object id 
     AppRoleId = Guid.Parse(roleObjectid) // client app role object id
 };

as previously stated, it does work after a few minutes (after createInvite)

@ErikAndreas
Copy link
Author

Somewhat related is the fact that if user already has role assigned you also get a Requst_BadRequest answer and the only way to separate a failed (this issue) call from one that is ok (role already assigned) is to check the error message (human readable string), here it would be preferable to be able to separate the cases by a code/enum or such, not a message/string

@ErikAndreas
Copy link
Author

Hi, any progress on this issue? @andrueastman

@microsoft-github-policy-service microsoft-github-policy-service bot removed status:waiting-for-author-feedback Issue that we've responded but needs author feedback to close Status: No recent activity labels Jun 4, 2024
@ErikAndreas
Copy link
Author

Any updates? @andrueastman

@ErikAndreas
Copy link
Author

Any news here @andrueastman?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Needs: Attention 👋 type:bug A broken experience
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ErikAndreas @andrueastman