Mocking Azure AD B2C REST API calls

There are a number of mocks out there but I’m currently using Beeceptor.

You can register and get a free account in minutes. Then you specify your root API URL.

In my case, it’s:

b2cxxx.free.beeceptor.com

Now I want to mock a “Get customer details” call from B2C. I’ll pass in an ID and get back some details.

Mocking response of { “firstName”: “Joe”, “familyName”: “Bloggs”, “emailAddress”: “joe@company.com” }

So the URL is:

b2cxxx.free.beeceptor.com/get-customer-details

As usual, the custom policy is in a gist.

The REST API call looks like:

<TechnicalProfile Id="REST-TestAPI">
<DisplayName>TestAPI</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
<Metadata>
<Item Key="ServiceUrl">https://b2cxxx.free.beeceptor.com/get-customer-details</Item>
<Item Key="SendClaimsIn">Body</Item>
<Item Key="AuthenticationType">None</Item>
<Item Key="AllowInsecureAuthInProduction">false</Item>
</Metadata>
<InputClaims>
<InputClaim ClaimTypeReferenceId="id" DefaultValue="123456" AlwaysUseDefaultValue="true"/>
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="firstName"/>
<OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="familyName"/>
<OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="emailAddress"/>
</OutputClaims>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop"/>
</TechnicalProfile>

When I run the policy, I see:

Screen showing “Get Customer Details” button

Don’t worry about the sign in name. I just need a self-asserted technical profile to display error messages etc.

Click “Get Customer Details”. This calls the API.

Beeceptor shows:

Request = {“id”:”123456"} Response = { “firstName”: “Joe”, “familyName”: “Bloggs”, “emailAddress”: “joe@company.com” }

The custom policy then shows:

Screen showing radio button for “Show error message”. Options are “Yes” and “No”

If we want to see the JWT, click “No”.

We then see the details returned from the API in the JWT.

Detail from JWT: “nonce”: “defaultNonce”, “iat”: 1646778311, “auth_time”: 1646778311, “given_name”: “Joe”, “family_name”: “Bloggs”, “email”: “joe@company.com”

There is a specific format for B2C error messages.

The URL is:

b2cxxx.free.beeceptor.com/error

The REST API call looks like:

<TechnicalProfile Id="REST-TestAPI-Error">
<DisplayName>TestAPI-Error</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
<Metadata>
<Item Key="ServiceUrl">https://b2cxxx.free.beeceptor.com/error</Item>
<Item Key="SendClaimsIn">Body</Item>
<Item Key="AuthenticationType">None</Item>
<Item Key="AllowInsecureAuthInProduction">false</Item>
</Metadata>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop"/>
</TechnicalProfile>

We mock the response:

Mock the error response: { “version”: “1.0.0”, “status”: 409, “code”: “API12345”, “requestId”: “50f0bd91–2ff4–4b8f-828f-00f170519ddb”, “userMessage”: “Message for the user”, “developerMessage”: “Verbose description of problem and how to fix it.”, “moreInfo”: “https://restapi/error/API12345/moreinfo" }

Notice that it returns a HTTP status of 409.

If we click “Yes” for the radio button, it shows a new screen:

Screen showing “Get Error” button

When we click “Get Error”, we see:

Screen showing error message: “Message for the user”

and it will continue to display the error every time the button is clicked.

Beeceptor shows:

Image showing error response: { “version”: “1.0.0”, “status”: 409, “code”: “API12345”, “requestId”: “50f0bd91–2ff4–4b8f-828f-00f170519ddb”, “userMessage”: “Message for the user”, “developerMessage”: “Verbose description of problem and how to fix it.”, “moreInfo”: “https://restapi/error/API12345/moreinfo" }

I find this really useful for playing around with the B2C JSON claims transformations etc.

Note that Beeceptor does have paid accounts that allow you to set up authentication, template the responses etc.

All good!

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store