Patch request in SCIM with Azure AD

Lukas Patecki 21 Reputation points
2020-10-08T11:41:41.96+00:00

How should I handle the following PATCH request, for a user that when initially added didn't have any address (not even an empty addresses array)? 

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:PatchOp"
    ],
    "Operations": [
        {
            "op": "Add",
            "path": "addresses[type eq \"work\"].formatted",
            "value": "Columbus"
        }
    ]
}

Should I "proactively" create an addresses array, with a single value as following (what seems a very bad solutions)? 

{"type": "work", formatted: "Columbus"}

I would expect a patch request that looks like: 

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:PatchOp"
    ],
     "Operations":[{
       "op":"add",
       "value":{
         "addresses":[
           {
             "formatted":"Columbus",
             "type":"work"
           }
         ]
     }]
}
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,569 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Danny Zollner 9,521 Reputation points Microsoft Employee
    2020-10-08T17:13:28.513+00:00

    Page 33 of SCIM RFC 7644 (https://tools.ietf.org/html/rfc7644#section-3.5.2) defines valid examples of "path", including the first example that you gave: "path":"addresses[type eq \"work\"]"

    Your interpretation of what needs to happen in response to the first sample is correct. If no array exists yet, then you should create the array and then add the value to the array. The creation of the array can happen proactively or reactively - meaning, you can set it ahead of time to be an empty array, or can leave the value as null until such a point where a value needs to be added to the array, and then at that time create the array and then add the value to it.

    0 comments