Confused about extensions for a User in Azure B2C - Maximum number of extensions values supported per application is 2

Alex B 76 Reputation points
2021-08-05T18:13:33.34+00:00

So there are User Custom Attributes in Azure B2C which are created in the Portal and they belong to "b2c-extensions-app-blahblah". When I need to set its value programmatically I use await GraphClient!.Applications[b2CExtensionsApp.Id].ExtensionProperties to get the custom attribute and then I add/update its value with:

await GraphClient!.Users[userId].Extensions[userCustomAttr.Id.ToString()].Request().UpdateAsync(ext);

My app does require to have 2 custom user attribute values, so I set them in code. So far so good.

Now, there are OpenExtensions for directory objects. And I want to keep some data with them. Here's how I create its value with:

    OpenTypeExtension ilgExt = new()
    {
        ExtensionName = ILG_USER_CUSTOM_EXTENSION_NAME_S,
        AdditionalData = new Dictionary<string, object>
        {
            {extPropName, value}
        }
    };
    try
    {
        await GraphClient!.Users[userId].Extensions.Request().AddAsync(ilgExt);
    }
    catch (Exception ex)
    {
        string errMsg = $"Could not create extension value {extPropName} for a User '{userId}'";
        _logger.LogError(ex, errMsg);
        throw new IlgGraphClientException(errMsg, ex);
    }

But this throws an exception:

Maximum number of extensions values supported per application is 2

WTF? Why can't I use more? And why custom attributes are taken into account?

Is there any way to have custom attribute values AND extension property values for a User?


Accepted answer
  1. AmanpreetSingh-MSFT 56,306 Reputation points
    2021-08-11T15:13:51.333+00:00

    Hi @Alex B · Open extensions are different than Schema extensions. I have provided the backend calls below to distinguish between these methods.

    An open extension creates an extension attribute for a specific user, and it has a limit of 2 per application. Below is an example of the backend API call to create an open extension.

    Call:
    POST https://graph.microsoft.com/v1.0/me/extensions
    Body:
    {
        "@odata.type": "microsoft.graph.openTypeExtension",
        "extensionName": "com.contoso.roamingSettings",
        "theme": "dark",
        "color": "purple",
        "lang": "Japanese"
    }

    Creating a 3rd attribute using this method results in the error below:

    122422-image.png

    Schema extension is done at the directory/tenant level, and attributes created by using this method are available for all users in that tenant. Custom attributes in B2C are created as schema extensions and are not restricted to 2 per application. These attributes are created in B2C via b2c-extensions-app and are available for all users. Below is the backend call that is used to create a schema extension attribute:

    Call:
    POST https://graph.microsoft.com/beta/<your_tenant.onmicrosoft.com>/applications/<ObjectID_of_b2c-extension-appl>/extensionProperties
    Body:
    {
        "name": "employeeType",
        "dataType": "String",
        "targetObjects": ["User"]
    }

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.

1 additional answer

  1. AmanpreetSingh-MSFT 56,306 Reputation points
    2021-08-11T05:10:48.457+00:00

    Hi @Alex B • Thank you for reaching out.

    This is a by-design limitation for open extensions. An application can add up to two open extensions per resource instance. This means that if you have added 2 open extension attributes for user1, you won't be able to add a third open extension attribute for user1, but you will be able to add 2 open extension attributes for user2 using the same application. This limitation applies to both standard Azure AD and Azure AD B2C tenants.

    This limitation is documented here: https://learn.microsoft.com/en-us/graph/extensibility-overview#open-extension-limits

    Why custom attributes are taken into account? Is there any way to have custom attribute values AND extension property values for a User?
    This limit is independent of custom attributes created via schema extension. If you create 2 extension attributes by schema extension, you can still create 2 open extensions per user/resource using the same application.

    For creating more than 2 attributes per resource using the same application, I would suggest you go with schema extension. Please refer to my blog post Azure AD Schema extension for users in 10 easy steps.

    Hope I have covered all your questions. If you have any further question, feel free to tag me in your reply.


    1 person found this answer helpful.
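
The two write paths discussed in the answers, as an added example that is not part of the original thread: it builds (without sending) the Graph request for an open-extension write under the limit of two per application per resource instance, and the request for a B2C custom attribute write. The helper names, the shape of the `existing` listing, and all ids are assumptions constructed for illustration.

```python
GRAPH = "https://graph.microsoft.com/v1.0"
OPEN_EXTENSION_LIMIT = 2  # open extensions per application, per resource instance


def plan_open_extension_write(user_id, existing, extension_name, properties):
    """Return (method, url, body) that stores `properties` in one open extension.

    `existing`: open extensions this application already created on the user,
    assumed to look like [{"id": "<extensionName>"}, ...].
    """
    base = f"{GRAPH}/users/{user_id}/extensions"
    body = {"@odata.type": "microsoft.graph.openTypeExtension",
            "extensionName": extension_name, **properties}
    names = {ext["id"] for ext in existing}
    if extension_name in names:
        # Same extension: PATCH adds new properties and updates matching ones,
        # so extra values do not consume another of the two slots.
        return "PATCH", f"{base}/{extension_name}", body
    if len(names) >= OPEN_EXTENSION_LIMIT:
        raise ValueError(
            f"{len(names)} open extensions already exist on {user_id}; "
            "add the value to one of them or use a custom attribute")
    return "POST", base, body


def plan_custom_attribute_write(user_id, extensions_app_client_id, values):
    """Return (method, url, body) that sets B2C custom attributes on the user.

    Custom attributes are properties of the user object itself, named
    extension_<client id of b2c-extensions-app without dashes>_<attribute>.
    """
    prefix = "extension_" + extensions_app_client_id.replace("-", "") + "_"
    body = {prefix + name: value for name, value in values.items()}
    return "PATCH", f"{GRAPH}/users/{user_id}", body


if __name__ == "__main__":
    import json
    user = "11111111-2222-3333-4444-555555555555"  # constructed user object id
    current = [{"id": "com.example.ilgSettings"}]  # constructed listing
    for plan in (
        plan_open_extension_write(user, current, "com.example.ilgSettings",
                                  {"theme": "dark", "lang": "Japanese"}),
        plan_custom_attribute_write(
            user, "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", {"employeeType": "FTE"}),
    ):
        print(plan[0], plan[1], json.dumps(plan[2]))
```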