Skip to main content

Users endpoint for Azure AD B2C

Use this endpoint to retrieve a user when using the Azure AD B2C platform. The endpoint requires an objectId to be provided, which is equivalent to the Authentication Cloud username.

For Azure AD B2C compatibility, the authenticator data is returned in a single string, instead of an array in the HTTP response.

HTTP request

GET https://{instance}.mauth.nevis.cloud/api/v1/aadb2c/users?objectId={username}
note

This endpoint requires the user to be registered with a username that is in a UUID format. For example: 250558c2-1dfc-4210-84a4-ddd1a37c740a.

Query parameters

ParameterTypeRequired/OptionalDescription
objectIdUUIDrequiredUnique identifier of the user to retrieve. Equivalent to the Authentication Cloud username.

Example HTTP request

Get user by objectId for Azure AD B2C
curl "https://$instance.mauth.nevis.cloud/api/v1/aadb2c/users?objectId=$username" \
  -H "Authorization: Bearer $access_key"

HTTP response

The response always returns HTTP 200 - OK, regardless of success or failure. The response only returns the registered FIDO UAF authenticators, such as a mobile app authenticator. Registered FIDO2 authenticators, phone numbers, and recovery codes are not included in the response.

FieldTypeDescription
userIdUUIDUnique identifier of this user.
usernameUUIDThe internal customer ID or unique identifier to link a user to your internal systems. The value can be null.
statusenumThe current status of the user, either new: The user has no confirmed authenticator yet; or active: The user has registered at least one authenticator and is able to log in.
createdAtstringThe date when the user was created.
updatedAtstringThe date when the user was last updated.
authenticatorsstringContain data of the already registered FIDO UAF authenticators in a string format.
authenticatorIdUUIDIncluded in authenticators string. The Unique identifier of the authenticator.
namestringIncluded in authenticators string. The name of the authenticator provided by the user.
typeenumIncluded in authenticators string. Defines the mobile platform for mobile app authenticators. The value is ios for iOS, and android for Android.
authenticatorTypeenumIncluded in authenticators string. Determines the type of the authenticator. The value can be appor fido2.
stateenumIncluded in authenticators string. Indicates the state of the authenticator.
enrolledAtstringIncluded in authenticators string. The date when the authenticator was registered.
updatedAtstringIncluded in authenticators string. The date when the authenticator was last updated.
uafDICTIncluded in authenticators string. If present, this field contains data related to the FIDO UAF authenticator. Only applicable if the authenticatorType is app.
uaf.userAgentstringIncluded in authenticators string. Optional user agent. The client application sends the userAgent when a FIDO UAF authenticator is registered or used for authentication.
uaf.deviceRefUUIDIncluded in authenticators string. Unique identifier of the physical device. This value does not change other than in specific scenarios: Can the Device Ref of the authenticator change?
uaf.userDisabledPushNotificationbooleanIncluded in authenticators string. Indicates if a user is disabled (true) or enabled (false) notifications for their application. When disabled, push authentication is not possible.
phonesarrayContain data of the already registered phone numbers in a string format.
recoveryCodesDICTContains information about the registered recovery codes.
exceededRateLimitsDICTIndicates that the push rate limit is reached for the given user. This means that the user and all of their authenticators are blocked. This field and the objects it contains are only present if push rate limiting is enabled for your instance, and the given user reached the set limit.
exceededRateLimits.pushDICTContains data of the push rate limit.
exceededRateLimits.push.resetInSecondsstringIndicates the remaining amount of time before the rate limit resets and the user gets unblocked. The measurement unit is in UTC epoch seconds.
exceededRateLimits.push.sentstringThe number of push notifications sent in set timeframe.
exceededRateLimits.push.timeframeISO 8601 durationThe time frame in which the number of sent push notification are counted. The time frame is relative to the current time.

Example HTTP response

200 OK: User is found.

JSON code sample of a user with a FIDO UAF authenticator
{
  "userId": "b29dcde8-1aef-4fe9-a88e-4bdb7d09469f",
  "username": "250558c2-1dfc-4210-84a4-ddd1a37c740a",
  "status": "active",
  "createdAt": "2023-09-25T17:51:50Z",
  "updatedAt": "2023-09-25T17:51:50Z",
  "recoveryCodes": null,
  "authenticators": "[{\"authenticatorId\":\"88c89879-42cf-4660-a86e-2e8fc626f47d\",\"name\":\"samsung SM-G973F 2023. szept. 25. 19:55:23\",\"type\":\"android\",\"authenticatorType\":\"app\",\"state\":\"active\",\"enrolledAt\":\"2024-01-18T09:46:20Z\",\"updatedAt\":\"2024-01-18T09:46:20Z\",\"uaf\":{\"userAgent\":\"NMASDK/3.3.0.1443 (samsung SM-G973F; Android 12) ch.nevis.accessapp.muvonda/2.7.0.1878\",\"deviceRef\":\"22f5ee06-f714-41f1-b819-34eff4688673\",\"userDisabledPushNotification\": false}}]",
  "phones": "[]"
}